Data security

Watch Trix Mulder and an information security officer explain more about data security.

There are always risks involved when working with personal data, whether it’s in an electronic or hardcopy patient file. This is why the GDPR contains provisions relating to the security of personal data. Information security covers three aspects:

  1. Confidentiality;

  2. Integrity;

  3. Availability.

To ensure an adequate level of protection, the GDPR provides that appropriate technical and organisational measures need to be taken. This may include anonymisation, pseudonymisation or encryption of data, but also organisation-specific policies which address the risks of processing of that particular organisation. These policies are necessary considering that risks can’t always be avoided.

One of the risks involved is unauthorised access. If a patient file is accessed by someone who is not authorised, the GDPR determines that there is a data breach. This breach needs to be notified to the national supervisory authority and in some cases communicated to the patient.

Another way to prevent a data breach is not to keep data longer than necessary. When the health data is no longer necessary for the treatment of the patient, the GDPR determines that the patient has the right to request erasure of that data. It is furthermore required by law that data is kept for a maximum amount of time. We will discuss data retention later this week.

This article is from the free online

Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

Created by
FutureLearn - Learning For Life
