In June, the Bavarian Data Protection Authority ("DPA") and the Bavarian Data Protection Commissioner published a joint guideline (source document in German) regarding the use of external providers in hospitals. The guideline discusses how to ensure that commissioned data processing (Auftragsverarbeitung) complies with data protection requirements, such as Article 27 of the Bavarian Act on Hospitals.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.