Legal Requirements

With the entry into force of the Digital Health Care Act (DVG) in December 2019, the basis for the entitlement of statutorily insured persons to the provision of digital health applications was created.

Digital health applications (DiGA) must successfully pass a testing procedure at the Federal Institute for Drugs and Medical Devices (BfArM) before use and be listed in the directory of reimbursable digital health applications (DiGA directory). In order to be listed in the DiGA directory, a DiGA must first meet the requirements defined in §§ 3 to 6 DiGAV:

  • Security and functional capability
  • Data protection and information security
  • Quality, especially interoperability


We are your ideal partner for any requirements in the area of data protection and information security.

Approach

We support you in the context of the DiGAV with the following services:

  • Data protection advice
  • Provision of an external data protection officer
  • Establishment of an ISMS
  • Provision of an external CISO
  • Protection needs analyses
  • Implementation of penetration tests and technical security analyses
  • Assessment and development of architectures
  • Consulting during development, e.g. threat modelling
  • …and much more

Your benefits

Fulfilment of the requirements “data protection and information security” from §§ 3 to 6 DiGAV

  • Advice on data protection and information security “from a single source”
  • Expertise of our experienced consultants and auditors
  • TÜV TRUST IT’s expertise has been confirmed by the Federal Office for Information Security (BSI) with certification as an IT security service provider for the areas of IS auditing, IS consulting and the performance of penetration tests.
Anyone in a company who points out grievances such as violations of information security and data protection, or who expresses suspicion of unfair business practices or corruption, is referred to as a whistleblower and is protected under the Whistleblower Protection Act (HinSchG). Companies with 250 or more employees in Germany must already have implemented the corresponding requirements. As of December 17, 2023, these requirements will also apply to companies with 50 or more employees.

Approach

  • Resource conservation: You do not need to hire new employees to operate the reporting office, nor expand the responsibilities of existing staff. We take care of that for you.
  • Compliance assurance: Don’t worry about whether you are properly meeting all requirements. We bring the necessary expertise.
  • Cost minimization: Save costs for the initial and ongoing training of internal employees.
  • External contact person: Internal whistleblowers find it easier to approach an external contact person than colleagues within their own company.
  • Independent and objective: As a TÜV company, we are committed to independence and objectivity.

The resolution on the protection of natural persons with regard to the processing of personal data, passed by the European Parliament and the European Council on April 27, 2016, has made privacy protection requirements significantly more stringent because of the obligation to implement the EU’s General Data Protection Regulation (EU) 2016/679 (EU GDPR). Now that the GDPR is in force, affected organisations must implement appropriate measures by May 25, 2018. The range of sanctions envisaged by the GDPR is considerable, amounting to up to 20 million euros or 4% of the organisation’s global turnover for infringement of a person’s rights. Consequently, many companies currently need to have their data protection measures reviewed, compared against the new requirements and, where necessary, adjusted accordingly. TÜV TRUST IT will support you in this process with longstanding experience in the field of data protection. We have developed a GAP analysis that is specifically designed to meet the GDPR requirements, helping you assess the status quo and conceptualise a scheme to quickly and efficiently fulfil the new provisions.

Your benefits

  • Insight into the necessary procedures, as well as their maturity level and efficacy
  • Effort estimate for implementing the required data protection measures
  • A valuable planning guide to realise the operations required sustainably and in a well-structured manner
  • The opportunity to integrate the GDPR measures into your ISMS, ensuring ongoing effectiveness
  • Creation of an optimised compliance
  • Reduction of the risk of penalisation