We're building Moveshelf, the first all-in-one application for clinical movement labs. Why is that needed now? And for whom? We're posting a series of blog posts answering that question. In this fifth part, we're taking a look at how data protection officers benefit from having Moveshelf in the movement lab.
Personal data in movement labs
Data collected in a movement lab (e.g. EMG, force, 3D kinematics) is Personal Data in the sense of the GDPR unless it has been irreversibly anonymized. That is, it must be impossible to link the data back to an individual, for example through a unique patient code. And certainly, videos of a natural person always remain Personal Data, as the individual can be readily identified from the video.
At Moveshelf we take all precautions to ensure GDPR compliance on all data. This makes it easier for the Data Controller, the healthcare centre that decides the purpose of the data collection and obtains consent from the patient, to comply with the GDPR as part of its Standard Operating Procedures. This concerns Data Protection (security, integrity, encryption), ensuring the Privacy of Data Subjects, and ensuring Data Subjects can exercise their rights of access and data portability.
Data processing agreement
Moveshelf can help you implement the GDPR by acting as a Data Processor for you as a Data Controller. The terms of this cooperation are defined in the Data Processor Agreement with Moveshelf. This agreement also stipulates what will happen to the data stored with Moveshelf if the business relationship is discontinued.
Moveshelf adopts Data Protection by design and by default, with access control, state-of-the-art security and AES-256 encryption. All data and databases are always encrypted, both at rest and in transit, and access to data is controlled through token-based authentication (JWT) granted by a trusted identity provider and verified by our access control services. Moveshelf’s underlying services and infrastructure are compliant with important best practice norms such as ISO 27001 (aligned with NEN7510 in the Netherlands) and ISO/IEC 27017:2015.
In the rest of the series, we'll be taking on the perspective of one more stakeholder around the movement lab: researchers. If you'd like to receive the whole series as a white paper, please get in touch. Or follow us on Twitter or LinkedIn to be reminded about the last post in the series.