The healthcare sector traditionally processes large amounts of personal data. Nowadays, medical practice increasingly uses information technologies, such as smartphone applicatons (‘apps’) and wearable devices (e.g. smart watches, smart soles), for treatment plans and information collection. It is inherent to these modern technologies that they generate even more personal data. Some of the apps are developed specifcally for the healthcare sector, some are more general (health) apps. Within the European Union (EU), the processing of these personal data is regulated by the General Data Protecton Regulation (GDPR), which entered into force on 25 May 2018. The GDPR provides controllers and processors with obligations and data subjects with righ...