Compliance & security
GDPR
EU data-protection law — non-negotiable for any EU healthcare deployment.
The General Data Protection Regulation governs personal-data processing in the EU/EEA. For healthcare AI it means: a legal basis for processing, data-residency considerations, a published sub-processor list, a data-processing agreement (DPA), and meaningful patient rights including erasure.
GDPR is law, not a badge — and it's only the floor. Several European jurisdictions add national rules on top (Swiss FADP, German BDSG, Norwegian Pasientjournalloven), so a vendor's GDPR statement alone does not settle which requirements apply to a given deployment.
See also
- Data residency — Where the vendor actually stores and processes your data.
- FADP / revDSG (Swiss) — Switzerland's revised Federal Act on Data Protection — stricter than GDPR in some respects.
- ISO 27001 — International standard for information-security management systems.