Yesterday, attn. Joanna Mamczur had a great opportunity to hold a webinar for the medical sector on personal data protection under GDPR (General Data Protection Regulation) which will be in force as of 25 May 2018.

It was a great honour for us – as we gathered a wonderful audience of over 400 (!) doctors and managers active in the medical sector in Poland. The discussion was very intense – the statistics have shown that it was a webinar with one of the highest active participation rates. Also it was – by far – the highest engagement rate on the discussion forum, with a number of very interesting questions.

We are currently in the process of going through some of the open questions and it seems that the medical industry is highly concerned about the lack of detailed regulatory guidelines in terms of preparing their activities for the challenges set by the GDPR. We will definitely address this need by proposing practical solutions in this field.

This was one of a series of training events which we held on GDPR over last 12 months and we see that there is an increasing search for such information amongst entrepreneurs. However, the level of the GDPR (Polish term: RODO) awareness amongst several industries is still way too small – given that we are only 3 months away (!) from the date on which the new regulation will be effective.

It’s important to remember that the GDPR provisions will also apply to companies outside the European Union – if they process personal data of natural persons living in the EU. Many companies from the USA will be concerned by this regulation – whilst they do not even realize this.

In order to properly prepare for this change, companies should:

  • make audit of their current procedures and security measures in terms of personal data protection;

The audit will refer to issues such as, amongst others, safety of documentation and IT systems, review of internal security standards and procedures, risk analysis and the level of awareness of the company’s staff in terms of data protection; such audit may last about 1-6 months, depending on the organization so now is really the last call for moving on with this procedure.

  • make the so-called “gap analysis”, i.e. once the audit shows them clearly their current starting point – it must be defined whether the currently applied standards/measures are compliant with the GDPR; if this is not the case – it means that the company has identified the compliance gap which needs to be quickly repaired;
  • implement the necessary compliance measures such as, amongst others, the staff trainings, procedures, documents required by the GDPR, safe solutions re. data processing in terms of physical documents and IT services and the ongoing monitoring of company’s security level.

As you see – even just a brief summary of the steps which should be undertaken takes some time to read and digest. So think about the process which is needed for actually executing on these steps. To protect your/ your client’s business – start now if this is still an open issue in your organisation.

We hope this quick food for thought about the GDPR will help you to move on with the compliance process. Feel free to let me know if you have any questions – it’s the topic that I am analysing on the daily basis so I will be happy to help you out.

With this said, I would like to thank again the organisers of yesterday’s GDPR webinar for medical industry and the active audience of doctors who broke the records of webinar engagement yesterday!


For current updates, follow me also on Twitter at @MamczurJoanna ( and on FB at