The General Data Protection Regulation (GDPR) became effective May 25, 2018, providing a significant update to the law governing how personal data is collected and used, extending broader rights and control to individuals over how their personal data is processed while placing enhanced obligations on organizations processing personal data.
This statement explains our strong commitment to complying with the GDPR and provides some context to processing of personal data by iRhythm.
iRhythm takes data privacy and security seriously. We have enhanced and continuously review our robust compliance program to further align with the unique elements of the GDPR. Our cross-functional project team, including external experts in security and data privacy, works with the focus of ensuring compliance and transparency with our customers and patients.
As part of our GDPR preparation, we undertook a detailed analysis of all business processes where personal data is collected and used. We mapped our data flows and conducted a gap analysis against which we structured our compliance program. Key steps we have taken as part of this program include:
iRhythm understands that continuous oversight and employee awareness are key to ongoing compliance with the GDPR. We continue to review personal data processing, adjusting and adapting our documentation as required.
If you have any further questions about our GDPR compliance, please contact us at UKprivacy@irhythmtech.com.