Industry TemplateIndustry-Specific

Healthcare (EU — GDPR)

EU healthcare control-mapping starter for GDPR Article 9 special-category health data, with configurable data-minimization, purpose-limitation, and automated-decision safeguards. Includes controls relevant to EU AI Act risk programs, such as bias monitoring, transparency, and human oversight, but requires independent legal and risk assessment.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

EU, EEA, UK

References

8 references

Mapped Control Domains

5 mapped domains

Deployment

Regulated SaaS, Sovereign Region

Referenced Frameworks, Standards & Obligations

GDPR Art. 9 (Special Category Health Data)GDPR Art. 22 (Automated Decision-Making)GDPR Art. 35 (Data Protection Impact Assessment)EU AI Act (High-Risk — Annex III §5)Medical Device Regulation 2017/745 (MDR)Clinical Trials Regulation 536/2014ePrivacy Directive 2002/58/ECNIS2 Directive (Healthcare Sector)

Mapped Control Domains

Data Privacy
AI Governance
Audit Logging
Human Oversight
Bias Monitoring

Deployment profiles

Regulated SaaS
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.