Lawyer warns of imminent warning wave against doctors and naturopaths


How doctors and naturopaths can protect themselves from warnings under the new DSGVO

On the 25th of May the General Data Protection Regulation (DSGVO) comes into force. All companies must make their website compliant by this date. This also applies without restriction to therapists, doctors and non-medical practitioners. In addition to the optimization of internal processes, the requirements to be met include external presentation, as well as the legally compliant design of the website. We asked lawyer Brian Scheuch, an expert on data protection and Internet law at the law firm Heidrich Rechtsanwälte, about this.

After the introduction of the new General Data Protection Regulation, doctors and non-medical practitioners are threatened with a veritable wave of warnings. Lawyer Brian Scheuch, lawyer for IT and online law.

Mr Scheuch, can you tell us laypeople what this new basic regulation really means?

That is something like a data protection revolution. This is the first time in Europe that we have a uniform data protection law that replaces all national laws in the member states. The GDPR will enter into force on 25 May 2018 throughout Europe. This would also set an example for a strong protection of citizens' data, even against the rather weak law, for example in the USA.

Why was it even implemented?

The aim of the General Data Protection Regulation is to create an equal level of data protection throughout Europe. This should eliminate existing distortions of competition, especially in European countries that have implemented relatively weak data protection. But the enforceability of data protection should be improved by significantly higher fines.

Are there special aspects that physicians, therapists and non-medical practitioners have to take into account?

Yes, certainly. These occupational groups usually work with very sensitive personal data, such as health data. Such data must be specially protected under the GDPR through technical and organizational measures. In practice, this means, for example, that patient data should be stored in encrypted form as far as possible and, if possible, should not be uploaded unprotected to cloud providers such as Dropbox.

What do website owners have to consider?

In addition to the internal processes and the requirements of IT security, website operators should pay particular attention to ensuring that their companies are compliant with data protection requirements. There are many obligations in this area to inform users of the website about the processing of their data. The most important element is a privacy policy adapted to the new specifications as the central element of the page. In terms of volume, such a policy can easily come to more than 20 pages.

What could happen if you just do nothing?

Doing nothing is almost always the worst solution. In the case of violations of the General Data Protection Regulation, the competent authority, which is the Data Protection Officer of the respective federal state, may impose a fine of up to 20 million euros or 4% of worldwide Group sales, whichever is higher.

In addition, however, there is the threat of expensive warnings from competitors or so-called Abmahnvereine. Websites with a missing or even wrong privacy policy can be quickly located through search engines. The past, especially in e-commerce, has shown that a "wave of warnings" regularly follows new legal regulations on information requirements. Such a warning costs not only money, but also a lot of time.

What exactly can website owners do? Do you offer help? What does this help cover? What happens if a warning flutters into the house?

By the will of the legislator, the General Data Protection Regulation must be implemented by 25 May 2018. If you start with it now, it will be difficult to get it done given its size and complexity. In order to protect against a possible warning from competitors, however, your own website should always be adapted to the General Data Protection Regulation. Among other things, we have created a DSGVO website package that contains the most common sample texts for a legally compliant website. If necessary, we of course also advise and support companies and freelancers in the complete implementation of the DSGVO. (Sb)