Data protection (GDPR)
MedFlow follows the principles of the EU General Data Protection Regulation (GDPR). Detailed agreements about data processing, roles and retention periods are defined in the contract.
Roles and responsibility
- Clearly defined controller and processor roles as per agreement.
- Data processing agreement precisely defines who processes what data and how.
- Owners are defined for each data type.
Data subject rights
- Support for data subject requests (e.g. access, rectification, deletion).
- Data export functions support data portability.
- Procedures for fulfilling data subject rights are documented.
Retention periods and logs
- Logs that show who accessed or changed data and when.
- Retention periods are defined in the contract according to data type.
- Data deletion procedures are in place.
Access rights and configuration
- Access rights configured by roles and departments.
- Data access is restricted according to need (principle of least privilege).
- Access right changes are logged and traceable.
Do you need a sample data processing agreement or more details? Contact us