GDPR Compliance

Mediscript is committed to protecting the privacy rights of individuals in accordance with the General Data Protection Regulation (GDPR).

Understanding GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process the personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.

The GDPR strengthens the rights of individuals with regard to their personal data and aims to unify data protection laws across Europe. It imposes strict requirements on organizations that collect, store, and process personal data.

At Mediscript, we embrace the principles of the GDPR and are committed to ensuring that our platform and services comply with its requirements.

Key GDPR Principles

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

Data Minimization

We ensure that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

Storage Limitation

We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes of processing.

Integrity and Confidentiality

We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Accountability

We are responsible for and can demonstrate compliance with the GDPR principles.

Data Subject Rights

The GDPR provides individuals (data subjects) with certain rights regarding their personal data. Mediscript respects these rights and has implemented processes to facilitate their exercise.

Right to Access
Data subjects have the right to obtain confirmation as to whether their personal data is being processed, and if so, access to that data and certain information about the processing.
Right to Rectification
Data subjects have the right to have inaccurate personal data rectified and incomplete personal data completed.
Right to Erasure
Data subjects have the right, also known as the 'right to be forgotten,' to have their personal data erased under certain circumstances.
Right to Restriction of Processing
Data subjects have the right to restrict the processing of their personal data under certain circumstances.
Right to Data Portability
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
Data subjects have the right to object to the processing of their personal data under certain circumstances.
Rights Related to Automated Decision Making
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

Our GDPR Compliance Measures

Mediscript has implemented comprehensive measures to ensure compliance with the GDPR.

Documentation and Accountability
  • Maintaining records of processing activities
  • Conducting data protection impact assessments
  • Implementing data protection policies
  • Appointing a Data Protection Officer
Technical and Organizational Measures
  • Encryption of personal data
  • Access controls and authentication
  • Regular security testing and assessments
  • Staff training on data protection
International Data Transfers
  • Implementation of Standard Contractual Clauses
  • Assessment of third-country data protection laws
  • Supplementary measures where necessary
  • Regular review of transfer mechanisms
Data Breach Management
  • Comprehensive data breach response plan
  • Procedures for timely notification to authorities
  • Processes for notifying affected data subjects
  • Documentation and analysis of incidents

Frequently Asked Questions

Common questions about GDPR compliance and how Mediscript addresses them.

Need More Information?

Our Data Protection Officer and privacy team are available to answer any questions you may have about our GDPR compliance program.