GDPR

OMOPHub meets GDPR requirements. We have established safeguarding your information as our primary focus.

What is GDPR?

The General Data Protection Regulation (GDPR) is a personal information protection statute enacted by the European Union. It became effective on May 25, 2018, and is recognized as one of the globe's foremost data privacy regulations.

The objective of GDPR is to respect the confidentiality of individuals living in the EU, by safeguarding their:

  • Right to receive information
  • Right to access
  • Right to correction
  • Right to deletion
  • Right to limit data processing
  • Right to data transferability
  • Right to oppose
  • Right to prevent automated decision-making

Why is GDPR necessary?

Most organizations utilizing OMOPHub either operate within the EU or serve clients there. We are fulfilling our duty to adhere to the entitlements of individuals residing in the EU.

GDPR adherence is not only a requirement for OMOPHub, but also for numerous enterprises utilizing OMOPHub. OMOPHub's adherence enables additional organizations to develop their systems on top of OMOPHub's foundation without sacrificing confidentiality or regulatory compliance.

Who audited OMOPHub?

GDPR is legislation, not a certification. Organizations conduct self-evaluations of their adherence to GDPR. OMOPHub employs thorough surveillance and evaluation systems to guarantee our GDPR safeguards are consistently supervised and upheld.

Where is OMOPHub data stored?

OMOPHub maintains client information in the United States (US).

Our Data Processing Agreement incorporates a Standard Contractual Clause to manage appropriate data transfer from the EU to the US.

Client information is maintained in protected, encrypted cloud systems. Our data processing contracts incorporate suitable protections for cross-border data transfers, guaranteeing adherence to GDPR mandates.

What measures are taken to protect PII?

OMOPHub adheres to security industry standards and deploys extensive technical and administrative safeguards to safeguard personal data. Our protective measures encompass encryption for stored and transmitted data, access management, periodic security assessments, and privacy by design methodologies.

How does OMOPHub meet the obligations of a processor?

OMOPHub invested substantial effort implementing the required modifications to adhere to GDPR to appropriately fulfill our responsibilities as a data processor according to Article 28 of GDPR.

We have released a Data Processing Addendum (DPA) that details the duties of OMOPHub as a data processor. These modifications also encompass revisions to our Terms and Privacy Policy to sufficiently integrate all of these documents collectively.

Can you answer a questionnaire?

If you have a survey that requires completion, please reach out to us.