General Data Protection Regulation (GDPR)

Original Editor - Angeliki Chorti. Top Contributors - Angeliki Chorti

Introduction

The General Data Protection Regulation (GDPR) is a European Union (EU) data protection law that provides a set of rules on how personal data should be gathered and handled. Any business that collects, keeps and analyses data sourced from EU citizens should follow the GDPR guidelines.

The main aim of the GDPR is to make sure that patients own their data at all times and that it is used for purposes for which they have given direct informed consent.

How does this relate to physiotherapy practice?

All patient information should be collected and used appropriately and according to the requirements of the GDPR to protect personal and sensitive data. This may require organisational and technical security measures to protect patient data in clinical records against unauthorised disclosure or processing.

The same applies to digital physiotherapy services, such as telehealth services. Third parties may be used to process or store patient data, e.g. for assessment and exercise programme software or electronic medical records. These third parties should process and store the data in their systems according to GDPR requirements.

Resources

Data Ethics and GDPR - Chartered Society of Physiotherapy, UK