General Data Protection Regulation (GDPR)
About the course

Target group

Nurse, Advanced Practice Nurse and healthcare workforce 

Course introduction

The General Data Protection Regulation (GDPR) Course consists of 8 Modules each containing one to four lessons that cover various aspects of data protection, specifically as it pertains to health data management. The lessons address key topics such as the historical background and principles of the GDPR, the implementation and impact of data protection regulations, and practical case studies that illustrate real-world applications. The course also covers essential concepts related to health information systems, cybersecurity, and the consequences of non-compliance, emphasising the protection of patients’ rights and the responsibilities of data protection officers in healthcare settings.

The objectives of the course aim to provide participants with a well-rounded understanding of how GDPR principles apply to health data. Participants will learn about the development and adoption of GDPR, the management and security of medical data, and the roles and duties associated with data protection in healthcare environments. The course also emphasises practical skills for safeguarding data, understanding the legal implications of data breaches, and applying best practices to minimise cybersecurity risks in the healthcare sector.

Details to know

Downloadable certificate

Share your certificate on LinkedIn

Assessment

22 Quizzes

Learning outcomes

Module 1
  • Competence:
    • Is able to understand the concept of data protection and the main aspects of the General Data Protection Regulation (GDPR)
  • Knowledge:
    • Knows about the background of the GDPR and understands its adoption
    • Knows of the factors that led to the evolution of Big Data
    • Understands the role of the European Data Protection Supervisor (EDPS)
    • Understands the need for each state to create its own Data Protection Authority
  • Skills:
    • Respects the GDPR principles when planning and working with personal data and privacy information
Module 2
  • Competence:
    • Is able to work with Health Information Systems (HIS) and Personal Health Record (PHR) effectively and within the framework of data protection regulations
  • Knowledge:
    • Understands how Medical Data Management works
    • Understands Health Information Systems (HIS)
  • Skills:
    • Uses the Personal Health Record (PHR) at work, knowing its benefits and its compliance with the GDPR
    • Is able to extract and utilise relevant information from HIS in a responsible way
Module 3
  • Competence:
    • Is able to process personal data while following the rules related to data protection
  • Knowledge:
    • Understands how the Processing of Personal Data works in a public setting
    • Knows about the Sensitive Personal Data Processing in health services
    • Understands the legality of processing personal health data and medical confidentiality.
  • Skills:
    • Analyses the content of medical records and right of access
Module 4/5
  • Competence:
    • Is able to differentiate between the different professions related to data protection, such as Activity Manager, Data Protection Officer (DPO), Data Controller and the Data Processor
  • Knowledge:
    • Knows how to Keep an Activity Log as the Activity Manager
    • Understands how the Data Protection Officer (DPO) affects the work of the Activity Manager
    • Knows the Duties of the Data Protection Officer
    • Understands the difference between the Data Controller and the Data Processor
    • Understands the Duties of the European Health Data Space (EHDS)
  • Skills:
    • Identifies the qualifications needed to become a Data Protection Officer
    • Identifies the rights of the data subjects (patients)
Module 6
  • Competence:
    • Is able to establish safe routines for handling of privacy protected information
  • Knowledge:
    • Understands the Technical and Organisational Measures for Protecting Patients’ Data by Healthcare Providers
    • Understands how the Access and Exchange of Health Data is secured according to the GDPR
    • Understands how Transfers of personal data to third countries or international organisations are conducted
  • Skills:
    • Sets up structures for password management, access regulations and encryption
Module 7
  • Competence:
    • Is able to identify and balance risks against possible threats when managing data in and across networks and cloud services
  • Knowledge:
    • Understands how the Internet affects the transfer of health data
    • Understands Cybersecurity and the cyber risks in healthcare
    • Understands the best practices to minimise cyber risks in the healthcare sector
    • Knows how the Records of Processing Activities (ROPA) work
    • Knows about the duties of the Data Controller while processing data
  • Skills:
    • Effectively uses new technologies and health-related devices in work situations
    • Uses good practices to minimise cyber risks at work
Module 8
  • Competence:
    • Has the understanding of legal and moral responsibility when managing health related data in networks and cloud services
  • Knowledge:
    • Understands breaches of personal health data
    • Understands the consequences of non-compliance with the Regulation or of the unlawful processing of personal data in each organisation
    • Understands the five-step methodology for calculating a GDPR fine
  • Skills:
    • Explains the civil and administrative penalties that apply in the case of non-compliance
    • Explains the criminal penalties for violations involving personal health data
    • Analyses the basic criteria for determining fines according to the articles of the GDPR

The Health Data Protection Regulation

Module 1 introduces the student to Health Data Protection Management, with introductory concepts and definitions regarding the GDPR. It explains the factors that led to the development of "Big Data Analytics", the adoption of the General Data Protection Regulation (GDPR) and its implementation by all EU countries. Finally, it presents a case study on Data Protection Authorities in four countries: the United States, Germany, Japan, and Greece.

Lessons

  • Introduction
  • 1. Health Data Protection Management
  • 2. Big Data Analytics
  • 3. The Health Data Protection Authorities (DPAs)
  • References

The General Data Protection Regulation (GDPR) & Medical Data Management

Module 2 introduces the student to Medical Data Management. It uses a case study on Medical Data Management in a hospital's Cardiology Clinic to show the participant how Medical Data Management works, and continues by introducing Health Information Systems (HIS) and how they work on a practical level. It then introduces the Personal Health Record (PHR) through a case study of the use of the PHR in a hospital. In addition, it presents the benefits of the PHR for the patient and investigates the connection between the Personal Health Record and the GDPR, and how it complies with the Regulation.

Lessons

  • Introduction
  • 1. Medical Data Management
  • 2. Health Information Systems (HIS)
  • 3. Personal Health Record (PHR)
  • 4. Personal Health Record (PHR) in Compliance with the GDPR
  • References

Processing of Personal Data and Medical Privacy

Module 3 uses a case study on the Processing of Simple and Sensitive Personal Data in Health Services in a Public Hospital. It also presents the fundamental principles for the processing of simple and sensitive personal data, and further explores the case study subject "Processing Simple and Sensitive Personal Data in Health Services in a Public Hospital" under the GDPR. Finally, it explores personal health data and medical privacy and the concept of Medical Confidentiality.

Lessons

  • Introduction
  • 1. Fundamental principles for the processing of simple and sensitive personal data
  • 2. Processing of personal data
  • 3. Personal health data and medical privacy
  • References

The Data Protection Officer (DPO) & the Activity Manager

Module 4 uses the case study "How you would oversee the keeping of an Activity Log by the hospital's Activity Manager (AM)" to simplify the work of the AM in a public setting. Additionally, it explores how the Data Protection Officer affects the work of the Activity Manager. It also presents the duties and qualifications of the DPO and refers to the Data Controller and the Data Processor.

Lessons

  • Introduction
  • 1. The Data Protection Officer
  • 2. The Data Protection Officer, the Data Controller and the Data Processor
  • References

Safeguarding the Rights of Data Subjects

Module 5 uses the case study "Protecting the Rights of Data Subjects in the Provision of Health Services" and aims to address the rights of the data subjects (patients). The module also refers to the European Health Data Space (EHDS) and its duties.

Lessons

  • Introduction
  • 1. Safeguarding the Rights of Data Subjects
  • References

Secure Access and Exchange of Health Data according to the GDPR

Module 6 uses the case study "Technical and Organisational Measures for Protecting Patients' Data by Healthcare Providers" and presents the technical and organisational measures a healthcare provider should take to keep patients' data safe. Finally, it explores Secure Access and Exchange of Health Data according to the GDPR, and the transfer of personal data to third countries or international organisations.

Lessons

  • Introduction
  • 1. Secure Storage and Access to Data
  • 2. Secure access and exchange of health data according to the GDPR
  • References

Personal Health Data Protection Measures (Healthcare Cybersecurity)

Module 7 addresses the connection between the internet and health data, presents new technologies and health-related devices, and comments on cybersecurity and the cyber risks in healthcare. It then explores how to minimise cyber risks using the case study "Best Practices to Minimise Cyber Risks in the Healthcare Sector" and addresses the Records of Processing Activities (ROPA).

Lessons

  • Introduction
  • 1. Cybersecurity in Healthcare
  • 2. Personal Health Data Protection Measures
  • References

Consequences of Unlawful Processing of Personal Health Data

Module 8 refers to data breaches and explores the ways they may happen. In addition, it presents the sanctions for non-compliance and the consequences of unlawful processing under the GDPR. It addresses the civil and administrative penalties and how the criteria for a fine are determined. It continues by addressing the criminal sanctions under the GDPR and presents the European Data Protection Board (EDPB). Lastly, it refers to the five-step methodology for calculating a GDPR fine and explores the consequences of unlawful processing of personal health data with the use of a case study.

Lessons

  • Introduction
  • 1. Data breaches, Remedies, Liability and Sanctions regime for non-compliance
  • 2. Criminal sanctions and Guidance on calculating GDPR fines
  • References
  • Course Evaluation