I’ve often warned medical devices companies that they need to start looking at privacy by design obligations under the General Data Protection Regulation, the GDPR. Engineers at a company where I gave an in-company presentation earlier this year were seriously unhappy that privacy by design obligations can affect both hard and software and that the […]
The MDR and IVDR are here now, but the General Data Protection Regulation (GDPR) already beat them to the finish line as it was just adopted. I have written a lot about current and future EU data protection requirements, both on this blog (here, here and here for example) and in other publications. What I […]
In a previous post I promised more on cybersecurity, so here it is. Spoiler alert: the conclusion of this post is that cyber security requirements for medical devices in Europe are currently an overlapping patchwork of different statutes with little attention for system and network security. So the conclusion is: there is nothing specific, except […]
These days I am more and more involved in medical devices software matters: interesting questions about modularisation, whether or not EHRs are medical devices in Europe and negotiation of systems integration agreements within the systems integration clause of the EU medical devices directive, just to mention a few. But so far I have not really […]