Session ID: 

Healthcare Information and Technology in the Age of GDPR

2:30pm - 3:30pm Wednesday, February 13
Orlando - Orange County Convention Center


The new EU General Data Protection Regulation (GDPR) became law starting May 25, 2018, and healthcare providers started to implement this regulation. This session will summarize the GDPR implementation in the largest university hospital in Germany and one of the largest medical institutions in Europe: the Charité. First, we will focus on an implementation plan, which is the first step in every GDPR project. Defining an implementation plan requires that it is known which elements of the GDPR are already in place at an organization and which are not. These are identified by executing a gap assessment. Secondly, we highlight which are typical gaps in hospitals and we outline which have been identified in the Charité. Thirdly, we will describe the Privacy Transformation Program of the Charité to implement GDPR. This program implements different layers, e.g. a strategy, privacy governance, policies and procedures, culture and awareness, privacy operations and a privacy inventory.

Learning Objectives: 

  • Analyze your organization's current situation with regard to data privacy
  • Identify the gap to actual regulations requirements
  • Create a management structure and assign roles to a task force addressing the translation towards a data privacy conform organization


Senior Manager,
Deloitte Consulting
Chief Digital Officer,
Charité Berlin


Chief Quality, Chief Clin Transformation Officer