Category - Cybersecurity

medicaldeviceslegal

The EU Court’s Schrems II judgement – urgent revisiting of international personal data transfer mechanisms required

Wasn’t the MDR about More Data Required, and the same for the IVDR? Aren’t more and more devices running software that processes patient and user data? Isn’t the medical devices industry a very international business? Indeed – so the ability for companies working with the MDR and IVDR to transfer personal data internationally for all […]

The MDCG cybersecurity guidance – a helpful rush job

It has been some time since the MDCG guidance on cybersecurity for medical devices was released (MDCG 2019-16, December 2019), so everybody has probably had the opportunity to get used to the document by now. While the document is by no means ideal or even flawless (congratulations MDCG on a glaring spelling mistake in the […]

Privacy by design and data portability

I’ve often warned medical devices companies that they need to start looking at privacy by design obligations under the General Data Protection Regulation, the GDPR. Engineers at a company where I gave an in-company presentation earlier this year were seriously unhappy that privacy by design obligations can affect both hardware and software and that the […]

End of year bonanza

Normally one looks back at the end of the year, but I also like to look ahead because there are a lot of developments in EU law that will affect the medical devices industry next year: new rules on cybersecurity, data protection, mHealth and business compliance will put their mark on 2016, in addition to the never-ending […]

More on EU medical devices cybersecurity regulation

In a previous post I promised more on cybersecurity, so here it is. Spoiler alert: the conclusion of this post is that cybersecurity requirements for medical devices in Europe are currently an overlapping patchwork of different statutes with little attention to system and network security. So the conclusion is: there is nothing specific, except […]

In, on and near body networks EU regulation

I had the pleasure of being invited to speak at the Health IT forum at the MEDICA conference last week on regulation of in, on and near body networks. Most of my day at the MEDICA I spent in the health IT hall, catching up on developments, particularly in the interesting Wearable Technology Pavilion with […]