Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £29.99 £19.99. New subscribers only. T&Cs apply

Find out more
Home / Healthcare & Medicine / Healthcare / Protecting Health Data in the Modern Age: Getting to Grips with the GDPR / Meet the Data Protection Officer

Meet the Data Protection Officer

Watch the Data Protection Officer (DPO) explain more about her tasks.
View transcript
4
My name is Boudien Sieperda, and I’m the Data Protection Officer, DPO in short, at the University Medical Centre in Groningen. Within the UMCG, I am part of the Privacy Work Organisation, which is a subdivision of our Office of Legal Affairs. With this Privacy Work Organisation, I work with a number of colleagues with different backgrounds and expertise, including lawyers and information security officers. Hospitals process large amounts of sensitive health data. This is why the GDPR provides that the DPO needs to be appointed. My colleagues involve me whenever an issue relating to the protection of personal data arises within the hospital Organisation. As DPO, I have a number of main tasks.
47.4
I supervise all issues related to the processing of personal data within the UMCG and monitor compliance with the principles of the GDPR and other policies and regulations of data protection, and I inform and provide advice to all staff members on how best to handle issues relating to privacy in such a way that it does not affect their day-to-day job. I enable them to process personal data while being compliant to the GDPR. I furthermore provide advice when data protection impact assessments need to be carried out, and then go operate and act as a contact person for the supervisory authority. The best part of my job is, however, to raise awareness and train my colleagues in data protection aspects of processing operations.
90.4
I help my colleagues to identify risks and find the appropriate safeguards. This is fun and challenging because you need to strike the right balance between privacy protection on the one hand and providing good health care on the other hand. The UMCG is a health care institution where privacy and confidentiality are crucial aspects to provide our patients with a safe environment. Privacy and confidentiality are therefore very much part of the job for our staff members. While we have high regard for matters of privacy, because health data needs to be handled with care, our policy should not impede healthcare because people’s health and lives are on the line.
127.8
This is why we need to think carefully about which measures to take to protect personal data and mitigate the privacy risks involved for our patients, while not impeding the work of our doctors and nurses.

Hospitals process large amounts of sensitive health data. This is why the GDPR provides that a Data Protection Officer (DPO) needs to be appointed. The DPO is involved whenever an issue relating to the protection of personal data arises within the hospital organisation.

A DPO has a number of main tasks based on Article 37 GDPR:

  1. To supervise all issues relating to the processing of personal data and monitor compliance with the principles of the GDPR and other policies and regulations of data protection;

  2. To inform and provide advice to all staff members on how best to handle issues relating to privacy;

  3. To provide advice when data protection impact assessments need to be carried out;

  4. To cooperate with and act as a contact person for the supervisory authority;

  5. To raise awareness and train staff members in data protection aspects of processing operations

The job of a DPO is not to limit processing, but to enable it while being compliant to the GDPR. He or she helps to identify risks and find the appropriate safeguards.

This job needs to be done with care considering that the right balance needs to be stricken between privacy protection and providing good healthcare. When lives are on the line, policies should not impede healthcare. This is why measures need to be well thought through in order to protect personal data and mitigate the privacy risks involved while not impeding the work of doctors and nurses.

Want to keep
learning?

This content is taken from
University of Groningen online course,

Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

View Course

We would like to hear from you. Do you know whether you have a DPO in your place of work? Or have you had any training on data protection yourself? Please feel free to share your experiences with other learners. We do of course ask you to do this in a respectful manner and please do not share any information that might be contentious. This is after all a course on data protection!

Want to keep learning?

This content is taken from University of Groningen online course
Protecting Health Data in the Modern Age: Getting to Grips with the GDPR
View Course
See other articles from this course
This article is from the online course:

Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

Created by
Join Now
This article is from the free online

Protecting Health Data in the Modern Age: Getting to Grips with the GDPR

Created by
Join Now
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now

Register to receive updates

  • Create an account to receive our newsletter, course recommendations and promotions.

    Register for free