GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR), effective since May 25, 2018, is a comprehensive data privacy law that governs the collection, processing, storage, and transfer of personal data.
It ensures that personal data is processed securely and provides individuals with expanded rights over their personal information.
Non-compliance with GDPR can lead to significant fines and penalties.

GDPR harmonized data protection laws across the European Union (EU) and extended its reach globally — applying to any organization that processes the personal data of individuals within the EU, regardless of the organization’s location.




What is Considered Personal Data?

GDPR defines personal data as any information relating to an identifiable person.
This includes:

  • Obvious identifiers: name, address, email, phone number
  • Indirect identifiers: IP address, cookie IDs, or device data

GDPR thus covers all data that can directly or indirectly identify a natural person.




Scope of GDPR

The GDPR applies to:

  • Any organization or business offering goods or services to EU residents
  • Any entity monitoring the behavior of individuals within the EU

It applies to both EU-based and non-EU organizations that process EU citizens’ personal data.




Core Principles of GDPR

GDPR is based on seven core principles that guide organizations in lawful data processing:

1. Lawfulness, Fairness, and Transparency

Organizations must process personal data in a lawful, fair, and transparent manner.
Individuals must understand how their data is used, with information provided clearly and concisely.

2. Purpose Limitation

Data may only be collected for specific, explicit, and legitimate purposes.
Reusing data for new purposes requires additional user consent.

3. Data Minimization

Only collect the minimum amount of data necessary to fulfill the intended purpose.
This reduces exposure and minimizes misuse risks.

4. Accuracy

Personal data must be accurate and up to date.
Organizations must correct or delete inaccurate data promptly.

5. Storage Limitation

Data should not be kept longer than necessary.
Retention policies should specify when data will be deleted or anonymized.

6. Integrity and Confidentiality

Data must be protected through appropriate security measures, such as encryption, to prevent unauthorized access or breaches.

7. Accountability

Organizations must be able to demonstrate compliance through proper documentation, policies, and regular audits.




Special Considerations

GDPR mandates that personally identifiable information (PII) be either:

  • Anonymized (permanently de-identified), or
  • Pseudonymized (identifiers replaced with pseudonyms)

These techniques allow data analysis while protecting individual identities.
GDPR applies to all 27 EU member states and the European Economic Area (EEA), as well as non-EU websites that attract EU visitors.




Who is Covered Under GDPR?

GDPR protections extend to:

  • All EU residents and citizens
  • Non-EU citizens residing within the EU
  • EU citizens whose data is stored or processed outside the EU

Essentially, any individual whose data originates in the EU is covered under GDPR protections.




Rights of Individuals Under GDPR

GDPR grants individuals several key rights regarding their personal data:

1. Right to Access

Individuals can request details about what data an organization holds and how it is used.

2. Right to Rectification

Individuals can request correction of inaccurate or incomplete data.

3. Right to Erasure (Right to Be Forgotten)

Individuals can request deletion of their personal data when it is no longer needed or if consent is withdrawn.

4. Right to Restriction of Processing

Individuals may restrict how their data is processed, particularly during disputes or corrections.

5. Right to Data Portability

Individuals can obtain their data in a structured, commonly used format and transfer it to another organization.

6. Right to Object

Individuals may object to certain types of processing, such as profiling or direct marketing.

7. Rights Related to Automated Decision-Making

Individuals have protection from decisions made solely by automated systems, ensuring human oversight.




GDPR Principles in Practice at GHO

At Global Health Opinion (GHO), GDPR compliance is a fundamental part of our data privacy strategy.
We prioritize user trust, transparency, and accountability in every aspect of data handling.

1. Lawfulness, Fairness, and Transparency

  • Data processing at GHO is lawful and based on explicit user consent.
  • Clear privacy notices explain how data is collected, used, and stored.
  • Transparency empowers users to make informed decisions.

2. Purpose Limitation

  • Data is collected solely for legitimate purposes such as telemedicine, medical consultations, and AI-driven healthcare improvements.
  • Additional consent is obtained before using data for new purposes.

3. Data Minimization

  • GHO collects only the data necessary for healthcare delivery.
  • Unnecessary or excessive data collection is strictly avoided.

4. Accuracy

  • Regular data reviews and updates ensure accuracy.
  • Users can easily request corrections through our secure online portal.

5. Storage Limitation

  • Personal data is retained only as long as needed for its intended purpose or legal obligations.
  • Data is deleted or anonymized after the retention period expires.

6. Integrity and Confidentiality

  • GHO uses encryption, access controls, and secure communication protocols to protect data.
  • Only authorized personnel can access sensitive information.

7. Accountability

  • All data processing activities are documented.
  • Regular audits and employee training sessions reinforce compliance.
  • GHO maintains full transparency with users and regulators.



User Rights Under GDPR at GHO

GHO supports and enables all user rights under GDPR:

  • Access & Rectification: Users can view and correct their personal data securely.
  • Erasure Requests: Users may request deletion unless data must be retained for legal reasons.
  • Data Portability: Data can be provided in exportable, structured formats.
  • Right to Object & Restrict Processing: Users can control non-essential data uses.
  • Automated Decision-Making Protections: All critical healthcare-related decisions include human oversight.



Technical Safeguards for GDPR Compliance

Privacy by Design

GDPR compliance is embedded in every stage of GHO’s system development — ensuring privacy is a default setting.

Data Encryption and Anonymization

  • All personal data is encrypted in transit and at rest.
  • Pseudonymization enhances security for analytical use cases.
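The distinction between anonymization and pseudonymization drawn under Special Considerations, and the pseudonymization for analytical use cases mentioned here, can be made concrete in code. The following is an added example, not GHO's own code: it pseudonymizes direct identifiers with a keyed HMAC (reversible only by whoever holds the separately stored key) and anonymizes a record by dropping identifiers and generalizing quasi-identifiers. The patient records and the key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample records for illustration; not real patient data.
RECORDS = [
    {"patient_id": "P-1001", "email": "ana@example.org",
     "dob": "1984-03-12", "postcode": "75001", "diagnosis": "asthma"},
    {"patient_id": "P-1002", "email": "ben@example.org",
     "dob": "1991-11-30", "postcode": "75002", "diagnosis": "asthma"},
]

# Direct identifiers that get replaced by pseudonyms.
DIRECT_IDENTIFIERS = ("patient_id", "email")


def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace direct identifiers with keyed pseudonyms (HMAC-SHA256).

    The same key yields the same pseudonym, so rows stay linkable for
    analysis, but re-identification needs the key, which must be kept
    separately from the analytical dataset (GDPR Art. 4(5)).
    """
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        digest = hmac.new(key, record[field].encode("utf-8"), hashlib.sha256)
        out[field] = digest.hexdigest()[:16]
    return out


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and coarsen quasi-identifiers.

    No key exists that can re-link the result to a person, which is what
    makes this anonymization (Recital 26) rather than pseudonymization.
    """
    return {
        "birth_year": record["dob"][:4],          # full date -> year
        "postcode_area": record["postcode"][:2],  # full code -> area
        "diagnosis": record["diagnosis"],
    }


if __name__ == "__main__":
    key = b"constructed-secret-key-kept-apart-from-the-dataset"
    for rec in RECORDS:
        print("pseudonymized:", pseudonymize(rec, key))
        print("anonymized:   ", anonymize(rec))
```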

Third-Party Vendor Management

  • All vendors handling GHO data must sign Data Processing Agreements (DPAs).
  • GHO ensures partners uphold GDPR-level protection standards.

Incident Response

  • A dedicated response team addresses any potential data breaches immediately.
  • Affected users and authorities are notified within GDPR-specified timelines.



The GHO Advantage in GDPR Compliance

GHO’s proactive approach to GDPR compliance ensures:

  • Trust: Transparent and ethical data handling practices.
  • Security: State-of-the-art protection for sensitive health data.
  • Compliance: Continuous alignment with evolving data protection laws.

Through these measures, Global Health Opinion (GHO) maintains its commitment to delivering innovative healthcare solutions while upholding the highest standards of data privacy and integrity.