Conclusions: To comply with the GDPR, healthcare institutions must ensure lawful and secure processing of personal medical data: organize internal procedures, appoint a Data Protection Officer, implement technical and organizational measures, obtain informed consent from patients, and guarantee their rights to access and protect such sensitive information. The protection of personal medical data is ensured through a multi-level system that combines the GDPR, the European Court of Human Rights case law, and national institutions. It is essential to develop and implement clear data protection policies that define responsibilities, data handling procedures and incident response. Many countries still have low awareness among medical personnel regarding personal data protection.
Berzina et al. (Sun,) studied this question.