Applications for a free online workshop “DPO Tasks and Personal Data Protection in the Healthcare Sector”

Within the framework of the European Data Protection Board’s “Support pool of experts” project, aimed at providing support to supervisory authorities in the performance of their tasks, the Personal Data Protection Agency is organising a free online workshop “Personal Data Protection and GDPR Compliance in the Healthcare Sector.”

The workshop is scheduled for Thursday, September 28, 2023, running from 10:00 a.m. to 3:00 p.m. We extend a warm invitation to all data protection officers and healthcare professionals, urging them not to miss this valuable opportunity to gain the essential knowledge required to uphold and safeguard the fundamental rights of their patients and individuals.

You can apply via the online form at the following link:

Participation link:

The workshop is primarily intended for data protection officers in the healthcare sector, but it is also open to all interested healthcare professionals. The program is tailored to address the specific needs and uncertainties that data protection officers and healthcare workers face in their daily work related to compliance with the provisions of the General Data Protection Regulation (GDPR) and the legal framework for personal data protection.

According to the research conducted by the Croatian Personal Data Protection Agency, data protection officers in the healthcare sector face the greatest challenges in understanding and complying with the legal framework for data protection. The level of their knowledge and readiness to understand and adhere to the obligations arising from the legal framework for data protection raises many concerns, especially considering that data controllers in this sector process personal data extensively, including special categories of personal data and children’s personal data.

The aim of the project is to develop a training program tailored to the needs of data protection officers in the healthcare sector. The program will consist of the following modules:

  1. The general training module would cover practical knowledge with examples, cases, applicable EU and national guidance, and applicable industry standards of information security on the following topics:
  • Basic sources and concepts of EU data protection law
  • GDPR basics: understanding the basic GDPR terminology
  • Act on the Implementation of the GDPR
  • Understanding data protection principles and their application in the GDPR theory and practice
  • Identifying appropriate lawful basis for the processing of personal data
  • Special categories of personal data
  • Data subject rights and data controller obligations
  • Data controller security of processing obligations
  • Data processing contracts, ROPA, breach obligations, technical and organisational measures
  • Competences, position, and tasks of the DPO
  • Data transfers
  • Modern technologies: processing of personal data using AI, automated decision-making, profiling
  • Uses of anonymisation and pseudonymisation
  • Processing of personal data via cookies
  • Processing of personal data via video surveillance


  2. Data protection module in healthcare service
  • Understanding national legal framework of the public health system of the Republic of Croatia and data protection ramifications
  • Understanding specific issues and data protection requirements of the health institutions such as hospitals, city clinics, health insurance system in Croatia
  • Simulations of Data Protection Impact Assessment, conducting legitimate interest test, identifying appropriate lawful basis, development of privacy policy, maintaining records of processing activities, data retention periods etc. (examples from the education sector)

Workshop participants will have the opportunity to gain familiarity with the legal framework pertaining to personal data protection, specifically homing in on the intricacies of data security within the healthcare sector. Topics covered include the development of internal documents for GDPR compliance, the implementation of technical and organizational measures for effective data protection, the conduct of data protection impact assessments, the maintenance of data protection records, responsible data transmission and disclosure to third parties (e.g., insurance companies), and the procedures for granting access to medical records in criminal cases, among others. Through practical examples, the workshop will address any uncertainties that healthcare professionals may encounter in their daily work concerning data protection.

The primary aim of this workshop is to introduce training for Data Protection Officers, based on the program developed within the EDPB’s “Support pool of experts” project. This initiative seeks to enhance the understanding of the challenges faced by data protection officers in the healthcare sector and gather their feedback to tailor the program to their specific needs, equipping them with the knowledge and skills necessary for effective task performance. Upon completion of the workshop, all participants will receive a certificate of attendance.

It is worth noting that failure to uphold the right to personal data protection and the privacy of European citizens, leading to violations of the General Data Protection Regulation and the Act on the Implementation of the GDPR, can have significant reputational and financial consequences for data controllers in the healthcare sector.


