Article Written for: Orlando Medical News
The European Union's General Data Protection Regulation (GDPR) recently took effect, and businesses are now asking whether their own websites and data procedures must comply with the comprehensive new data protection law. Several commentators have suggested that everyone who does business on the internet, including anyone who gathers information online, is subject to the GDPR's broad reach and stiff fines. In one podcast, a European commentator suggested that GDPR regulators may show up on the doorsteps of American companies to perform data privacy audits, and he claimed that several companies could be bankrupted by fines for non-compliance.
Medical providers are keenly aware of HIPAA's stringent protection of patient health data, but the GDPR is different. Of particular concern is the treatment of non-patient information and other data that might be captured by a website or through internet marketing activities. This may include general personal information, such as names and email addresses, as well as metadata, such as the location of a website visitor's computer, the frequency of website visits, and the amount of time a website user spends on a webpage.