...
Data is treated under the law of sundhedsloven or plejeloven. All access to data is logged. This log covers who accessed data, which action, at what time and on what citizen. The access is also registered the citizen's MinLog, giving the possibility of self data control by the citizen.
2) Limitation of purpose, data and storage
Only data relevant to the given treatment is stored. Data is only used in connection with the given treatment. Only data relevant for the treatment is stored.
3) Data subject rights
Data subjects can receive a copy of data and have wrong data corrected. As log long as data is used in the treatment of the data subject, it cannot be deleted since this might have a negative impact on the treatment.
...
Patient data is stored under a pseudonym. Data is encrypted under transport. Access to data is guarded by rules where only certain roles has access. These roles is only granted to personal accounts.
7) Data Protection Impact Assessment
...
8) Data transfers
Data can be exported in the FHIR format.
9) Data Protection Officer
...