Fact: This is GDPR
The General Data Protection Regulation – in English “General Data Protection Regulation”, GDPR – was introduced on 25 May 2018 and replaced the previous Personal Data Act (PUL).
GDPR was introduced simultaneously in all EU countries to create a uniform and equivalent level for the protection of personal data within the EU.
The purpose of the regulation is to protect the fundamental rights and freedoms of the individual citizen, especially their right to protection of personal data.
The law covers all types of businesses and bodies that collect and store personal data.
Source: The Swedish Privacy Agency
— Yes, we made a decision in political agreement to put the patients first here, says regional board chairman Ulf Berg (M) to The medical journal.
The legal problems with the new technology, such as insulin pumps and sensors, are that the products collect patient data that often ends up on cloud services outside the EU. This entails strict requirements for security measures according to the GDPR, which in practice are perceived as impossible to fulfill.
This also applies to the current tools used within Region Dalarna. According to the region’s lawyers, the use may therefore involve an illegal third-country transfer, which may lead to penalty fees from the Swedish Privacy Agency.
— The relationship between what the citizens gain from this law versus what you can lose if you are diabetic, for example, I don’t think it can be compared. We have weighed the risk of the patient being adversely affected compared to the legal risk, and then we have sided with the patient. Hopefully there are new rules in the works that will prevent you from ending up in this misery, says Ulf Berg to Läkartidningen.