Jay P. Anstine (janstine@bluebirdhealthlaw.com) is the President of Bluebird Healthlaw Partners in Fort Collins, CO.
Effective May 25, 2018, the General Data Protection Regulation (GDPR) became applicable to the European Union (EU) and countries in the European Economic Area (EEA). The GDPR regulates the collection, use, disclosure, and other processing of a data subject’s personal data by controllers and processors. A data subject is an identifiable person in the EU at the time of processing. A controller is an entity that determines the purpose and means of the processing of personal data. A processor is an entity that processes the personal data on behalf of a controller. Some US companies (e.g., medical device company with a global market) now must comply with GDPR and HIPAA.