The European Union (EU) General Data Protection Regulation (GDPR) imposes legal responsibilities concerning the collection and processing of personal information from individuals who live in the EU. It has particular implications for the remote monitoring of cardiac implantable electronic devices (CIEDs). This report from a joint Task Force of the European Heart Rhythm Association and the Regulatory Affairs Committee of the European Society of Cardiology (ESC) recommends a common legal interpretation of the GDPR. Manufacturers and hospitals should be designated as joint controllers of the data collected by remote monitoring (depending upon the system architecture) and they should have a mutual contract in place that defines their respective roles; a generic template is proposed. Alternatively, they may be two independent controllers. Self-employed cardiologists also are data controllers. Third-party providers of monitoring platforms may act as data processors. Manufacturers should always collect and process the minimum amount of identifiable data necessary, and wherever feasible have access only to pseudonymized data. Cybersecurity vulnerabilities have been reported concerning the security of transmission of data between a patient's device and the transceiver, so manufacturers should use secure communication protocols. Patients need to be informed how their remotely monitored data will be handled and used, and their informed consent should be sought before their device is implanted. Review of consent forms in current use revealed great variability in length and content, and sometimes very technical language; therefore, a standard information sheet and generic consent form are proposed. Cardiologists who care for patients with CIEDs that are remotely monitored should be aware of these issues.

BIOTRONIK SE and Co KG Berlin Germany

Boston Scientific Arden Hills MN USA

Cardiac Pacing Unit Cardiology Service University Hospital of Geneva Geneva Switzerland

Centre for Biomedical Ethics and Law KU Leuven Leuven Belgium

Cyber Security Group Delft University of Technology Delft The Netherlands

Départment Médico Universitaire DREAM Bichat University Hospital APHP 7 Inserm 1148 Université de Paris Paris France

Department of Cardiology Aarhus University Hospital Palle Juul Jensens Boulevard 99 DK 8200 Aarhus N Denmark

Department of Cardiology Erasme University Hospital Université Libre de Bruxelles Brussels Belgium

Department of Cardiology UniversityHospital Antwerp University of Antwerp Antwerp Belgium

Department of Cardiovascular Sciences Katholieke Universiteit Leuven Leuven Belgium

Dipartimento di Elettronica Informazione e Bioingegneria Politecnico di Milano Milan Italy

Division of Cardiology Angiology Pneumonology and Intensive Medical Care Department of Internal Medicine 1 University Hospital Jena Friedrich Schiller University Jena Am Klinikum 1 Jena Germany

Division of Cardiology New York Presbyterian Queens and School of Health Policy and Research Weill Cornell Medical College New York NY USA

ESC Patient Forum member Brussels Belgium

Imperial College London and National Heart and Lung Institute Dovehouse Street London SW3 6LY UK

Institute for Clinical and Experimental Medicine Prague and Palacky University Medical School Olomouc Czech Republic

School of Computer Science University of Birmingham Birmingham UK

School of Medicine Cardiff University Cardiff UK

Telefonica Research Spain

University of Bergen Stavanger University Hospital Stavanger Norway

University of Rochester Medical Center Clinical Cardiovascular Research Center Rochester NY USA

Europace. 2021 Jun 7;23(6):843. doi: 10.1093/europace/euab053. PubMed

Citace poskytuje Crossref.org