Caught in the Compliance Web: DPOs and the art of their Code of Conduct, Certification and digital health technology assessment Journey.

 

Chair: Christophe Maes

Abstract

This workshop aims to highlight:

the practical implications of assessments for compliance with the GDPR and more specific related to privacy and transparency within the different areas of digital health.
existing assessment and certification frameworks with focus on AI and Telemedicine
feasible and criteria relevant for the DPO in order to harmonise the European assessment frameworks

Data Protection Officers (DPOs) face a complex landscape when striving for compliance with privacy and transparency regulations dealing with different areas of digital health, including the novel areas such as AI and telemedicine.

This complexity is magnified by the need to know what can be checked and what cannot beassessed. Each of the assessment instruments present unique challenges and demand a thorough understanding of digital health area specific GDPR and cybersecurity implications.The DPOs must ensure that the data processing activities meet the stringent criteria set by Data Protection Certification bodies, those of the internal Code of Conduct as well those defined by the health technology assessment frameworks. A lack of a uniform & standardised PAN-EU privacy and transparency requirements framework for the different digital health areas, makes it even more difficult as DPO to contribute to procurement and adoption decisions, and potentially to be able to review and make judgements about conformityassessments.

 Structure: 

The 90-minute session will begin with three 10-minutes presentations:

1. Christophe Maes, i~HD will give a heads-up about the different privacy and transparency requirements used in the PAN-EU conformity assessments web.
2. Yoanni Matsakis, EUCROF
3. EFPIA

The presentations will be followed by an interactive workshop discussing, scoping and defining the digital health area specific objective privacy and transparency requirements.Downsizing the number of existing criteria to mandatory, relevant and feasible criteria.

The aim is to draw up a set of criteria relevant to DPOs that will be submitted to the health technology assessment bodies to establish a harmonised assessment framework.