As the economy becomes increasingly digitized and the volume of information multiplies, ensuring data privacy and security is becoming critically important. The GDPR specifies how personal data must be used and protected.
Companies that handle health-related information, such as GE Healthcare and our customers, are fully in scope of the GDPR.
Compliance with the GDPR requires a partnership between you and GE Healthcare whenever you use our services. You take care of your patients and their data; we share this sense of responsibility.
GE Healthcare has developed a GDPR framework to facilitate its implementation.
One of the most tangible elements of GDPR compliance is a Data Processing Agreement, which must be signed by both parties.
The GDPR consolidates data protection across Europe to address the challenges generated by the 21st century.
The GDPR places direct obligations on Data Processors (e.g. GE Healthcare) for the first time at EU-wide level.
As a Data Controller, you have a mandatory obligation to notify your supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned. As your Data Processor, GE Healthcare must notify you without undue delay after becoming aware of a breach affecting your data, so that you can meet that deadline.
The GDPR sets out limitations and legal mechanisms (including Binding Corporate Rules) for the transfer of personal data outside of the European Union.
The GDPR introduces a new concept of accountability, which requires you to be able to demonstrate how you comply with the GDPR.
Both you and GE Healthcare must keep detailed records of processing activities and implement appropriate technical and organizational measures.
The GDPR provides supervisory authorities with wide-ranging powers to enforce compliance, including the power to impose significant fines. You may face fines of up to €20 million or 4% of your total worldwide annual turnover, whichever is higher.
As part of our ongoing commitment to our customers, we have worked attentively over the past years to help you address the EU data protection requirements.
GE Healthcare has certified critical parts of its Customer Remote Services against the ISO/IEC 27001 Information Security Management System (ISMS) framework.*
See the ISO 27001 Certification Here.
*In line with this framework, the scope and applicability of these certifications will be continuously reviewed and extended.
We have a dedicated privacy and security team to develop and support policies, processes and training.
Privacy requirements are considered throughout the development of all our products and services.
For international transfers, GE Healthcare relies on EU-approved legal mechanisms (Standard Contractual Clauses, also known as Model Clauses; Privacy Shield; Binding Corporate Rules). Note that the EU-US Privacy Shield was invalidated by the Court of Justice of the EU in July 2020 (Schrems II), so transfers that depended on it must rest on Standard Contractual Clauses or Binding Corporate Rules, supplemented where necessary by additional safeguards.
GE Healthcare, as a Data Processor, flows down the obligations we have towards you as a Data Controller to our sub-processors, i.e. the suppliers that process your data on our behalf.
GE Healthcare is revising its incident investigation
process to support breach notification should it be
We maintain an ongoing data protection impact assessment (DPIA) process for processing activities involving personal data.