Selgitustaotlus
| Dokumendiregister | Andmekaitse Inspektsioon |
| Viit | 2.2-9/25/2340-1 |
| Registreeritud | 18.07.2025 |
| Sünkroonitud | 21.07.2025 |
| Liik | Sissetulev kiri |
| Funktsioon | 2.2 Loa- ja teavitamismenetlused |
| Sari | 2.2-9 Selgitustaotlused |
| Toimik | 2.2-9/2025 |
| Juurdepääsupiirang | Avalik |
| Juurdepääsupiirang | |
| Adressaat | Healiomed |
| Saabumis/saatmisviis | Healiomed |
| Vastutaja | Geili Keppi (Andmekaitse Inspektsioon, Koostöö valdkond, Koolitus- ja ennetustiim) |
| Originaal | Ava uues aknas |
Failid
Tähelepanu! Tegemist on välisvõrgust saabunud kirjaga. |
Dear Sir or Madam,
I hope this message finds you well.
We are reaching out as the developers of a new telemedicine platform established in Estonia. As we expand our operations within the European Union, we are committed to ensuring full compliance with the General Data Protection Regulation (GDPR) and related Estonian data protection laws.
Our platform does not store electronic health records or medical charts. We only collect limited personal data directly from patients, such as:
Full name
Email address
Date of birth
Physical address
Brief description of symptoms (provided voluntarily by the user)
Given the nature of our service, we would appreciate your guidance on the key compliance measures we should implement. Specifically, we are looking for recommendations or official documentation regarding:
The necessity of appointing a Data Protection Officer (DPO)
Requirements for a Data Protection Impact Assessment (DPIA)
Recommended safeguards for storing and processing basic patient data
Any Estonian-specific obligations that may apply to telemedicine platforms
We are grateful for any advice or resources you can share to help us align fully with EU and national requirements.
Thank you very much for your time and support.
Kind regards,
