Privacy is the right of individuals to keep their information confidential. Such information is classified as public, personal or sensitive. Health and medical information is one of the most sensitive forms of information.

As a service provider, you must take measures to protect the privacy of the individual.

You must specify:

  • Which data is collected and whether that data is needed for your project / application.
  • If you aim to share information with other applications, you need to specify which data, how the data is exchanged and whether the individual needs to give their consent.
  • The safeguards or precautions taken to prevent inappropriate access.
  • How long you will keep the data (retention period).
  • How and where you will store the data.

In any case, you must comply with the General Data Protection Regulation (GDPR) 2016/679/EC, which has been in effect since 25 May 2018. Below you can find the summary of the main requirements of the GDPR:
