As we reported on Twitter, the European Commission announced the launch of the European Health Data Space (EHDS), an initiative designed to empower people to control and use their health data in their home country or in other member states. At the same time, it promotes a consistent framework for the use of health data for research and innovation, and compliance with the EU’s data protection standards.
The Commission emphasizes in its statement that the EHDS builds further on the GDPR as well as anticipated new legislation related to data protection in the EU – the proposed Data Governance Act, the draft Data Act, and the NIS Directive. It will, in addition, establish rules designed specifically for health data - see links below.
For companies and organizations collecting and processing health data, the EU’s heightened focus on health sector data signals the possibility of new opportunities. From a data protection standpoint, the announcement notes that this initiative will offer a framework that promotes compliance with laws in Europe, but that there will be no relaxing of the EU’s high standards for data protection. Instead, it appears likely that additional rules will be put in place to ensure the protection and safe transfer of health data.
In the meantime, given its focus on protecting sensitive health data, organizations can best prepare for it will continue to be important that organizations understand the GDPR – and any new law the EU may enact to facilitate the European Health Data Space – and to build the internal programs and processes necessary to comply.
The proposed Data Governance Act: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0767&from=EN
Link to the draft Data Act: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52022PC0068&from=EN
Link to the NIS Directive: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L1148&from=EN
Achieved Compliance can fortify your organization's understanding of the GDPR and potential new regulations to ensure proactive readiness for the evolving data protection landscape. Contact us today to learn more.
The European Commission’s announced in December that it has begun its process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (the Framework). Companies seeking to transfer data from countries in the European Union to the United States will need to take steps to be in alignment with this new change.