GDPR and Health Data – 15th Conference of Digital Medicine ‘FUTURE IS NOW’

Join us on 31st May at Hotel Moskva in Belgrade, where our Partner Ivan Milosevic will present the latest information on AI and GDPR in Health Data.

If the implementation of ISMS 27001 had been sufficient to ensure privacy, the EU would not have adopted GDPR.

ISMS 27001 (ISO/IEC 27001) is an international standard that structures how businesses should manage risks associated with information security threats, including information security policies, procedures, and staff training to apply information security. How information security is used to protect personal data is regulated by GDPR (security of processing): Article 32 of GDPR and Article 50 of the Serbian Data Protection Act.

ISMS 27001 deals neither with the legitimate interest of the controller and the necessity and proportionality of processing, nor with the intended purposes of processing and compatible purposes. In case of high risks to the rights and freedoms of citizens, health institutions need to define and implement additional adequate technical and organizational measures to cope with privacy risks (Data Protection Impact Assessment).

This becomes even more relevant when the controller implements GDPR to protect special categories of personal data (health or genetic data) or processes personal data initially collected for medical treatment for the purposes of scientific research. In these cases, health and other public institutions have to comply with the Oviedo Convention and GDPR requirements. The regulatory requirements for the formation of a bank of genes and the processing of samples that are personal data (if not anonymized) are a complex matter which requires significant consideration. And how can personal data be anonymized if healthcare institutions have to inform the data subject who consented to scientific research about the results of that research in case it is determined that the data subject suffers from a rare disease?

The Law on Health Documentation and Records in Health Sector prescribes that the processing of personal data and the establishment and maintenance of registers of processing activities is performed in accordance with the Law on Protection of Personal Data.

Which steps shall be taken by health and other public institutions to protect privacy of patients and persons participating in scientific research?

For answers, join us at the Conference “Future is Now” – 15th Conference of Digital Medicine on May 31, 2022, at Hotel “Moskva”, 9.00h -13.00h. For REGISTRATION, please send an e-mail to or If you would like to follow the event ONLINE, let us know and we shall send you the link.
