Digital medtech: Rising to the GDPR opportunity

  • Posted on 11.07.2019


Shannon Zeigler

Coordinator Legal & Compliance, MedTech Europe


I believe that data has the power to transform patient care. But do the legal and regulatory landscapes in Europe and around the world pose some sort of obstacle to digital health innovation in the medical technology sector?

This is a hot topic right now as patients – indeed, all citizens – become increasingly aware of data security issues. Privacy and data protection have caught a tailwind in the United States in light of several large data breaches and the revelation of the mismanagement of citizens’ personal information. This has manifested in the passage of the CCPA in California, as well as the proposal of multiple other state- and federal-level privacy bills.

Conversely, a data protection regulatory framework has been in place in the EU for decades (the Data Protection Directive came into effect in 1995). However, with the passage of time and the incredible technological leaps we have seen over the past decade, the old framework was poised for a facelift. That came in the form of the GDPR.

In my opinion, there is no question that the use of data has the potential and ability to provide better healthcare options to patients, ranging from monitoring to diagnosis, to patient counseling and treatment management. However, I think rather than view the GDPR and other regulatory instruments as barriers to entry or insurmountable hurdles, companies should instead shift their perspective.

Perhaps data protection rules present an opportunity to rethink approaches and to find the correct balance between safeguarding individuals’ health data without creating significant practical and logistical hurdles.

I addressed this issue at AdvaMed’s third annual Digital MedTech Conference in May. The event was a chance to discuss differences and similarities between regulatory approaches, and to put to bed some “fake news” surrounding digital health and data protection in Europe. 

One idea that caught my attention was to hold a “data fantasy camp”. This is a discussion across business units about what they would like to do or foresee being able to do if there were no privacy or data protection restrictions. This exercise and similar ones can flip the conversation from what businesses can’t do to what they want to do, and serve as a starting point for prioritizing data usage and quantifying its value.

Of course, GDPR is not perfect. It presents challenging questions for specific industries, including our own. That is why MedTech Europe has supported and assisted industry in developing guidance to address some of these questions. However, GDPR is still in its infancy – the Regulation just celebrated its first birthday on 25 May 2019.

As a result, questions remain regarding its long-term impact on medtech, and the verdict is still out on its ultimate success. However, what is clear is that GDPR has raised the bar. Patients know more and expect more, and it is up to industry to rise to this challenge. I am confident it has and will continue to do so.
