MyLife Digital was acquired by DataGuard in April 2021

Hop over to our new home

The positive potential of GDPR – sharing data for the good of public health

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email


If medical innovators can find a way to promote trusted data-sharing that patients have control over, a world of possibility will open for more proactive and effective healthcare using IoT, AI and other enablers, says J Cromack, Co-founder and MD of MyLife Digital. 

The opportunities for healthcare providers to harness the latest technology and make smarter use of data are boundless. From pre-empting patient conditions before symptoms worsen to targeting treatments more effectively, using everything from connected ‘wearable’ devices to artificial intelligence to look for the tiniest clues. 

As health records that include medical images are captured digitally, and as more individuals willingly wear devices that monitor basic health signals, it becomes possible to build up a rich, connected and evolving picture of someone’s health – and trigger alerts and actions if something in the data is awry. Together, personal health apps, real-time data analytics and artificial intelligence offer a new way to think about keeping people well. 

It’s hard to imagine any downside to this – other than concerns about keeping one’s personal data safe. Medical information is among the special categories of personal data requiring careful handling under the new EU General Data Protection Regulation (GDPR). But address this successfully, and secure patients’ trust, and the doors to innovative new approaches to their care can swing open – to the advantage of everyone. 

Freedom through control 

Although tightening regulatory controls under GDPR may have set pulses racing among those tasked with safeguarding patient data, they have created an impetus to find robust approaches to personal data. Approaches that stay relevant well into the future and don’t conflict with other strategic priorities – such as improving the quality of care, driving up patient safety and doing all of this within shrinking budgets. 

One of the most effective and powerful ways to stay safely within the parameters of GDPR without restricting healthcare innovation, is to make it easier for patients themselves to understand, view and have more granular control of what happens to their data. A recent survey by Boston Consulting Group found that people were much more willing to share their data if they felt confident that harmful use would be prevented 1. Yet, as things stand, just 5 per cent of people in the UK fully grasp what personal data is being kept about them and only 4 per cent believe they have sufficient control over this, according to our own independent research conducted in April. 

Transparency engenders trust 

Fortunately, there is a way to address this and drive confident, compliant sharing of data that could unlock new patient benefits. While GDPR’s aim is to substantially shore up individuals’ rights over their data, it does not inherently pose barriers to data being used to its best effect. Rather, it demands that organisations are proactive and specific in signalling their intent. Then, on an ongoing basis, people must have the opportunity to review their data and how it is being used, and to adjust their permissions based on what feels comfortable and acceptable to them in the prevailing circumstances. 

The sense from recent studies is that the more people feel in control of their data, the more amenable they will be to give permission for its use – as long as they perceive a benefit. In the context of healthcare, if patients feel their personal information won’t be abused but could result in better, more proactive and joined-up care, then there is a strong case for consent to data share, especially when related to some of the new healthcare applications that sit outside of the usual clinical circles. 

But this does place the onus on healthcare organisations to equip patients with the tools to view their data and to exercise their rights under GDPR. Patients are likely to be more hesitant about what they agree to if kept at one step removed. But give them easy access to their data and the means to exercise their data rights whenever they want, and patients’ sense of buy-in will increase; that is, their willingness to share their data for specified purposes. 

Digital diabetes management shows the way 

It’s in this context that MyLife Digital is providing the personal-data management capabilities for the Diabetes Digital Coach test-bed – one of seven high-profile NHS England pilot projects targeting 5.5m diabetes sufferers. The aim is to equip them to manage their condition better using digital tools and data. Funded under the NHS Internet of Things (IoT) programme, the platform will go live this year. 

Crucially, patients are completely in the driving seat. They can choose whether to share their data and with whom. Permissions are managed in a secure, central, cloud-based personal data ‘strongbox’. This can sit across any number of health-related or administration-based IT systems and connect to patient websites, mobile apps and even wearable devices. It acts as a single window to, an individual’s data permissions and enables control and audit of that information. In the great balancing act of data-based service innovation versus data-based privacy safeguarding, it’s this emphasis on an individual’s control over their own data that promises to overcome concerns and unlock public benefits. 

[J Cromack gave] a presentation on this subject, The NHS: Unlocking a data revolution, at Caldicott Guardians National Annual Conference on May 14 in London. 

[1] Generating Trust Increases Access to Data by at Least Five Times (exhibit 2), Bridging the Trust Gap in Personal Data, Boston Consulting Group, March 2018 

MyLife Digital

MyLife Digital

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Find out how you can do more with data

Get in touch