In the time of the COVID-19 pandemic, when health care professionals work in extraordinary circumstances and thus collect a greater amount of personal data from patients (as well as workers), numerous doubts arise about the processing of personal data. In order to facilitate the understanding of data protection regulations, AZOP in cooperation with the Croatian Chamber of Economy, today, November 19, organised GDPR online workshop for healthcare professionals on personal data protection and harmonisation with the GDPR.

The head of the Department for Education and information Security Petar Misevic thanked the AZOP and Director Zdravko Vukic for having been selected as a partner in this valuable project.

“Since the GDRP came into force two and a half years ago, we have encountered many difficulties, and we still have some doubts which are not surprising since a large amount of personal data is being processed through our sector,” said, the president of the private health sector community. Kresimir Rotim.

During the first part of the workshop, ARC experts were explaining basic concepts from the GDPR (such as who is the controller and processor, who is the data subject and what personal data are), the legal basis for processing personal data, and what obligations the controller and processor have, along with specific examples from the health care system.

Healthcare professionals working with special categories of personal data (patient health data) must be aware of all potential risks and implement increased precautionary and protection measures, in order to ensure the safety and confidentiality of personal data in all segments of their processing. Therefore, the workshop also describes technical and organizational measures that need to be implemented in order to protect data, but also what are the most frequent violations of personal data and how to prevent them.

However, the emphasis of the workshop was the processing of personal data in the context of the COVID-19 pandemic, where the greatest number of questions and ambiguities arises about how to lawfully process patients’ data. Sending medical tests to the patients, filling out triage questionnaires, measuring temperatures with thermal cameras are just some of the topics that were discussed during the workshop. It was pointed out that when collecting personal data, a healthcare institution must provide patients with all information related to the processing of personal data in a simple and easily accessible manner. (who is the controller, what is the purpose and lawfulness of the processing, who has the right to access these data, how long the personal data can be stored, what are the rights of the data subject regarding the processing of personal data …)

Finally, in order to obtain the complete information necessary to comply with the GDPR, the participants of the workshop were presented with the processing of personal data through cookies, data subjects’ rights and the importance and role of the Data Protection Officer, which each institution is required to appoint. The Data Protection Officer (DPO) is in fact the key of reliability, mediator and competitive advantage, and the workshop also highlighted recommendations regarding the DPO.

The workshop “Personal Data Protection and Harmonization with the GDPR in the health sector during he COVID-19 pandemic” was conducted within the framework of the European project ARC (Awareness Raising Campaign for SMEs), implemented by AZOP as coordinator, while the Irish Data Protection Commission and the University of Vrije from Brussels participate in the project as partners.