Medesk and GDPR Compliance

Last updated: 14th May 2018, effective as of May 25th 2018

On May 25th 2018, the European Union’s new privacy law, the General Data Protection Regulation (GDPR) will come into effect.

The GDPR is a sweeping legislation which strengthens the right to know how your data is collected, processed, stored, as well as grants the right to have your data deleted (the right to be forgotten).

The GDPR includes conditions like:

  • Personal data must be collected in a fair and transparent way and must only be used responsibly.
  • Personal data cannot be collected arbitrarily and must only be collected for a specific purpose.
  • Personal data can only be held for the time needed to carry out this specific purpose.
  • Citizens have the right to know what personal data is being collected. A person may request a copy of their data or that they’re data be deleted, restricted, or moved.

Even though GDPR is geared towards citizens of the European Union, we believe every user has the right to privacy and we will be actioning data requests from any individual, within or outside the EU.

Data Processing Schedule

Medesk GDPR Data Processing Schedule is part of our online Terms of Service.

By incorporating our GDPR DPA into the Medesk Terms of Service, we are simply extending the terms of our GDPR DPS to all customers globally who will require it under GDPR.


Medesk Limited 3rd Floor, 207 Regent Street, London W1B 3HH UK Registration No 10118056