The new EU General Data Protection Regulation: what the radiologist should know

ABSTRACT: The European Society of Radiology (ESR) informs its membership and its associated Institutional Members about the new General Data Protection Regulation (GDPR) of the European Union (EU,) which will apply from 25 May 2018. Radiologists and radiology departments should be prepared to comply with several new rules for the protection of imaging data. Although the new GDPR applies to all domains of the public and private sectors, some specific derogations are defined for data concerning health, aiming at protecting the rights of data subjects and confidentiality of their personal health data, whilst preserving the benefits of processing data, including digital images for research and public health purposes. Specific new obligations which healthcare providers (including radiologists/radiology departments) should prepare for include data access for patients, rules for data processing including explicit consent of the data subject in the absence of derogations, or technical and organisational safeguards. National health authorities can define exceptions and derogations from certain obligations by means of national law. They will also define sanctions in the form of penalties or fines that may be applicable for organisations of the public and private sector that fail to comply with the rules of the GDPR. MAIN MESSAGES: • Explicit consent prior to data processing will be necessary. • Explicit consent prior to communication of imaging data will be necessary. • Providing patient access to their personal data, including portability, will be required. • Certain derogations and exceptions exist for healthcare and research. • Additional specific rules may be defined by national law.