Is the GDPR the Cure for Data Breaches in Healthcare or just a Legal Placebo? - Managing Personal Data Breaches in Healthcare Under the GDPR
(2025) HARN63 20251 Department of Business Law
- Abstract
- The present thesis aims to assess the efficacy of the GDPR in managing personal data breaches in healthcare. To fulfil its purpose, we have analysed the legal basis for processing sensitive personal health data and we have set the following research question:
To what extent does the GDPR prevent personal health data breaches as well as mitigate their impact on data subjects?
In order to conduct our thesis and achieve its research objectives, we have analysed the relevant EU legal framework, focusing on the EU Regulation 2016/679, known as GDPR, as well as other legal official documents. We have also examined articles, scholarly literature, and compared recent case studies involving personal data breaches, which have been addressed under the GDPR in healthcare within the territorial scope of the Regulation.
This thesis focuses on data breaches in the healthcare sector, an area involving some of the most sensitive and personal information that can be processed. When such data is exposed, it can seriously affect individuals' privacy, dignity, and wellbeing. The healthcare industry is among the most targeted sectors globally, and in some cases, stolen health data ends up on the dark web, treated as a commodity by cybercriminals.
After conducting our research, we have concluded that personal data breaches in healthcare mainly occur due to internal mismanagement and external cybersecurity risks. These factors can be effectively diminished through compliance with the existing legal framework, combined with the adoption of enhanced security measures. These policies can jointly reduce the likelihood of personal data breaches if organizations adhere to the GDPR and the complementary legislation.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9193197
- author
- Dilaveraki Persson, Maria-Karolina LU and Lundkvist Richkin, Emma LU
- supervisor
- organization
- course
- HARN63 20251
- year
- 2025
- type
- H1 - Master's Degree (One Year)
- subject
- keywords
- Compliance, Cyberattacks, Cybersecurity, Data Controller, Data Processor, Data Subject, Digitalisation, EHDS, GDPR, Healthcare, Internal Mismanagement, IoMT, ISO Standards, NIS 2, Patient Information, Personal Data Breaches, Ransomware
- language
- English
- id
- 9193197
- date added to LUP
- 2025-06-05 13:15:22
- date last changed
- 2025-06-05 13:15:22
@misc{9193197,
  abstract = {{The present thesis aims to assess the efficacy of the GDPR in managing personal data breaches in healthcare. To fulfil its purpose, we have analysed the legal basis for processing sensitive personal health data and we have set the following research question: To what extent does the GDPR prevent personal health data breaches as well as mitigate their impact on data subjects? In order to conduct our thesis and achieve its research objectives, we have analysed the relevant EU legal framework, focusing on the EU Regulation 2016/679, known as GDPR, as well as other legal official documents. We have also examined articles, scholarly literature, and compared recent case studies involving personal data breaches, which have been addressed under the GDPR in healthcare within the territorial scope of the Regulation. This thesis focuses on data breaches in the healthcare sector, an area involving some of the most sensitive and personal information that can be processed. When such data is exposed, it can seriously affect individuals' privacy, dignity, and wellbeing. The healthcare industry is among the most targeted sectors globally, and in some cases, stolen health data ends up on the dark web, treated as a commodity by cybercriminals. After conducting our research, we have concluded that personal data breaches in healthcare mainly occur due to internal mismanagement and external cybersecurity risks. These factors can be effectively diminished through compliance with the existing legal framework, combined with the adoption of enhanced security measures. These policies can jointly reduce the likelihood of personal data breaches if organizations adhere to the GDPR and the complementary legislation.}},
  author = {{Dilaveraki Persson, Maria-Karolina and Lundkvist Richkin, Emma}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{Is the GDPR the Cure for Data Breaches in Healthcare or just a Legal Placebo? - Managing Personal Data Breaches in Healthcare Under the GDPR}},
  year = {{2025}},
}