Secure System Developments and adequate Data Collection are keystones for successful Conformity Assessments

The sensitivity of Personal Patient Data

Novel technologies such as the Internet of Things (IoT), Artificial Intelligence and Blockchain are enabling new healthcare networked services and increasing their functionalities.

Despite the advantages brought by these digital health services, the threats associated with sensitive data exposure are considerable, and there is no Cybersecurity guidance or standard that could be considered “state-of-the-art”.

The General Data Protection Regulation (GDPR), in force since May 25th, 2018, clearly defines what could be considered as personal data, as well as the requirements that shall be met by any party involved either in the processing of personal data or the application of this regulation.

Key Challenges when Incorporating Novel Technologies into Medical Devices

Balancing New Technologies & GDPR

Digital Health services, including telemedicine and patient health monitoring, leverage data collection and its analysis for the diagnosis or treatment of certain pathologies. These data, collected by medical device manufacturers or managed by subcontractors on their behalf, may fall within the scope of data protection laws.

The threat of Cyber Attacks

Cybersecurity is a key aspect that cannot be neglected when designing Medical Devices, as exposure of Personal Data can be very problematic for individuals. Although it is nearly impossible to eliminate all (cyber)-security risks, these can (and must) be reduced as far as possible by the manufacturers.

Cybersecurity and Software Lifecycle

Vulnerabilities and threats are identified all the time. Also, the continuous evolution of software boosts new functionalities and business opportunities for Digital Health services. At the same time, manufacturers must find the optimal product lifecycle strategy to also meet the requirements of MDR related to product changes.

Tech Letter: Medical Device Software incorporating Artificial Intelligence: Generating sufficient evidence under the MDR

This Technical Letter aims to provide an overview of the considerations for evaluating evidence regarding AI-MDSW.


How Medidee optimizes the development of your Digital Health products

GDPR and Cybersecurity are intrinsically linked to the appropriate development of medical devices. Our team is by your side in specific key areas requiring particular attention:

Performing a gap analysis to identify weak/missed aspects with respect to GDPR and Medical Device Regulation and defining the strategy towards conformity assessment

Ensuring that all processes properly address the cybersecurity risks in Premarket (Design & Development) and Post Market Surveillance (Monitoring and Vigilance).


Identifying assets, threats and vulnerabilities, conducting risk assessments aligned with the product lifecycle and GDPR requirements, and defining a testing and reporting plan

Get an overview of the regulatory landscape, hear about the basic concepts and principles, get insights into the necessary steps and anticipate typical pitfalls when bringing a digital health product to the market.


Navigate Cybersecurity and GDPR

The multiplicity of Cybersecurity standards and guidelines, and the complexity of the GDPR guidelines make it difficult for medical device manufacturers to confidently manage these aspects of their product development.


Furthermore, the importance of Data Privacy and Secure System Design & Development makes it crucial to maintain comprehensive Technical Documentation that complies with all the applicable requirements.


Medidee works with your team to define a strategy that is right for your product and business objectives, and that will ultimately lead to a successful Conformity Assessment.
