Hedman advised Tartu University Hospital on data protection matters

Hedman conducted a comprehensive independent GDPR compliance audit for the Hospital, based on the Estonian information security standard (E-ITS) catalog of personal data protection measures. In addition to the compliance audit, Hedman also provided recommendations on how to implement the requirements in practice.

As the Hospital is a large-scale processor of health data, the compliance audit and consultation focused particularly on the requirements of GDPR and the legal regulations governing the provision of healthcare services, specifically regarding the processing of special categories of data.

Tartu University Hospital Foundation is the only university hospital in Estonia. Healthcare services are provided to all people in Estonia, the largest selection of medical specialties is represented. Unique to Estonia, it includes services from prenatal counselling, obstetrics and neonatal intensive care to full treatment and counselling of elderly patients. The Hospital is distinguished by the provision of healthcare services in the widest sense possible, from prevention of diseases and primary healthcare services to specific highly technological sub-specialties.
The Tartu University Hospital is the only service provider in Estonia for several specialties, they are a reference center for various rare diseases in the European network.

The client was advised by senior associate and partner Toomas Seppel and by Specialist Data Privacy Counsel Andres Ojaver.