Why Health Apps Should Finally Take Data Privacy and Protection Seriously


The General Data Protection Regulation (GDPR) has been in force since May 25. That is a good reason for health apps to finally take data privacy and protection seriously.

Under the new GDPR, many aspects of data privacy are now regulated much more strictly. This mainly concerns responsibilities regarding transparency and information. Health app providers therefore run the risk of fines if they do not comply with these regulations.

Privacy by Design

According to the principles of privacy by design and privacy by default, the GDPR requires privacy-friendly technical default settings for devices and software. Health app providers should handle medical data with great care, since it is known to be highly sensitive information. When in doubt, providers should seek legal advice. In general, health apps should be built so that they do not process more data than the user has approved them to process.


Many health app providers are based in the U.S. and therefore store data on U.S. servers. At the moment the legal situation concerning the EU-US Privacy Shield is unclear. This also affects U.S. companies with headquarters and call centers in Germany. The GDPR always applies if personal data inside the EU or related to the EU is collected.

Data Privacy and Protection Seal of Quality

Since there is still no seal of quality for medical devices, it is all the more important for providers to have their health apps certified by an independent data privacy and protection institution.

Software Development Kit for Health Apps

If you are a health app provider or start-up and do not want to go through the hassle of getting your app certified, you can instead use a secure backend, e.g. the one offered by HealthDataSpace. With the help of their software development kit you can securely store the data your health app collects. Third-party providers can encrypt, decrypt or store data, share data securely, or communicate via secure messaging.