The European General Data Protection Regulation (GDPR) in mHealth: Theoretical and practical aspects for practitioners' use

The extensive use of smart technology (smartphones and wearables) and the vast amount of information they contain have positioned remote devices and technology as a massive database resource. Harnessing these big data into the clinical and research fields has introduced a new horizon of possibilities along with significant privacy issues. A significant evolution in this respect has been the introduction of the new European Union (EU) General Data Protection Regulation (GDPR). The GDPR acknowledges that information related to individuals (i.e. personal data), as well as data flow, and thus databases, are of high political, clinical, and economic value. Hence, the Regulation aims to protect personal data and, consequentially, privacy. Nevertheless, the GDPR is a legal document with legal language. The purpose of this paper is to serve as a - practical guidance as well as a theoretical framework - for clinicians (and non-clinicians) who integrates digital tools in their clinical and research work.