The GDPR Transfer Regime and Modern Technologies

Melania Tudorica, Trix Mulder

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Citation (Scopus)
218 Downloads (Pure)


Health data comes within a person’s most intimate sphere. It is therefore considered to be sensitive data due to the great impact it could have on a person’s life if this data were freely available. Unauthorized disclosure may lead to various forms of discrimination and violation of fundamental rights. Rapid modern technological developments bring enormous benefits to society. However, with this digitization, large amounts of health data are generated. This makes our health data vulnerable, especially when transferred across borders. The new EU General Data Protection Regulation (GDPR) legal framework provides for rights for users of modern technologies (data subjects) and obligations for companies (controllers and processors) with regard to the processing of personal data. Chapter V of the GDPR protects personal data that are transferred to third countries, outside the EU. The term ‘transfer’ itself, however, is not defined by the GDPR. This paper examines whether transfer within the meaning of the GDPR applies to health data processed by modern technologies and if the complexity of the GDPR legal framework as such sufficiently reflects reality and protects health data that moves across borders, in particular to jurisdictions outside the EU.
Original languageEnglish
Title of host publicationProceedings of ITU Kaldeioscope
Subtitle of host publicationICT for Health: Networks, standards and innovation
PublisherInternational Telecommunication Union
Number of pages8
ISBN (Electronic)978-92-61-28401-5
Publication statusPublished - 3-Dec-2019
Event11th ITU Academic conference: ITU Kaleidoscope: ICT for Health: Networks, standards and innovation - Georgia Institute of Technology, Atlanta, Georgia, United States
Duration: 4-Dec-20196-Dec-2019


Conference11th ITU Academic conference: ITU Kaleidoscope
Country/TerritoryUnited States
CityAtlanta, Georgia
Internet address


  • gdpr
  • modern technologies
  • transfer regime
  • chapter V

Cite this