Читать книгу Privacy & Data Protection Practitioner Courseware - English - European Institute of Management and Finance (EIMF) - Страница 22

In an EU member state two hospitals decide to merge their organization. Physically the two hospitals will remain on their current locations. Staff services and specialized medical departments will be merged and (re)located at either one of the two premises. The idea behind this merger is to generate cost effectiveness and to enable the modernization of the current IT systems and network. This generates more capacity to better serve patients. In addition to this, the merger provides the opportunity to monitor patients at home or in facilities such as retirement homes, nursing homes and rehabilitation centers.

To mitigate the risks of possible privacy data breaches the boards of directors of the two hospitals designate the data center of former hospital A as main data center and the data center of former hospital B as backup center. The two data centers are serviced by different companies.

You are currently working as the data protection officer (DPO) for both hospital organizations. After the merger you will be the DPO for the new organization. To help prepare for the merger, the boards of the two hospitals request that you provide an overview of the processing flows of personal data in the future organization as well as an indication of the data protection risks arising from the merger.