Impact of the GDPR on the Development of eHealth Software

The new EU General Data Protection Regulation (GDPR) became effective on May 25, 2018 and regulates how personal data may be processed by companies, government agencies and other organizations in the European Union (EU). Since prior research focused mostly on the GDPR in general, its implications and impact on the development of health software are not as intuitive as one may think. Even though our main goal was to analyze the impact of the GDPR on health software, we have simultaneously covered several other important aspects of complying with the GDPR by researching relevant literature. We have outlined the history and content of the GDPR as well as other regulations like the Federal Data Protection Act (FDPA) and put them into the context of health. As a result, we were able to identify best practices for health-app providers and possibilities on how to comply with specific key aspects of the GDPR. Several other regulations and norms have been considered and illustrated concisely in this thesis. We have subsequently applied or analysis on eSano, the health platform of the University of Ulm. Our results show that eSano is GDPR-compliant with minor room for improvement.