(Answered) General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Explore the impact of the General Data Protection Regulation 2018 (GDPR) on the provision of health services and your role as a Medical Secretary.

You will need to discuss the Act and how it would be applied within the workplace of a Medical Secretary, and how it impacts the development of policy (this is the update of policies if and when there are changes to legislation).

Information can be found on the sites below


Sample Answer

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a data protection law that imposes obligations on every individual and organisation involved in data collection. Each EU member state adopts additional laws. For example, in Ireland, the Data Protection Acts and other regulations have been adopted. The GDPR states that personal data should only be stored on a lawful basis, such as having a legal obligation or where consent has been obtained. As outlined by the legislative act, individual rights include the right to access data, request correction, request that data be erased or restricted, object to processing, withdraw consent, and lodge a complaint (Chico, 2018). Every individual has the right to have their personal information protected, corrected, made available, and used in a legal and fair way.

The legislation has put patients in charge of their health data, as they can make various requests and have to give consent for the data to be transferred or utilized. The legislation has impacted how care is offered, with the emphasis being on the security of the patient’s information. The legislation has introduced cybersecurity provisions improving transparency. Healthcare providers and administrative teams are governed by policies such as data controllers being required to inform a supervisory authority within 72 hours in case of a data breach, and if the breach is too risky, the patient should be informed (Yuan & Li, 2019).

The role of the medical secretary has been impacted, as one has to adhere to various standards such as carrying out a data protection impact assessment before processing any sensitive information. There is a set of principles that outlines four standards that data should pass through: purpose limitation, data minimisation, proportionality, and data control (Yuan & Li, 2019). A medical secretary has to apply data security at all times, or they risk higher sanctions that may apply to the whole organisation. This includes fines as heavy as 4% of an organisation’s global annual revenue for minor breaches or €20 million for major breaches.


  • Chico, V. (2018). The impact of the General Data Protection Regulation on Health Research. British Medical Bulletin, 128(1), 109-118. https://academic.oup.com/bmb/article-abstract/128/1/109/5184942
  • Yuan, B., & Li, J. (2019). The Policy Effects of The General Data Protection Regulation (GDPR) On the Digital Public Health Sector in The European Union: An Empirical Investigation. International Journal of Environmental Research and Public Health, 16(6), 1070. https://www.mdpi.com/434188