Meet Ophélie, our Data Protection Officer
Published Jul 2, 2019 • Updated Sep 8, 2019 • By Louise Bollecker
As a social network for patients with chronic diseases and their families, Carenity has access to data about the health of its members. Security, confidentiality, and respect for this data is a top priority for us: this is the role played by Ophélie, the Data Protection Officer at Carenity.
Hello Ophélie! In practice, what is the role of a Data Protection Officer?
Hello! In concrete terms, the role of a Data Protection Officer (DPO) is to provide information and advice in order to comply with the provisions of the General Data Protection Regulations (GDR). I am also in contact with the CNIL (National Commission of Information and Liberty), if necessary, and at the here to address and answer the questions of members on data protection.
What does this mean on a daily basis? What is your job role and projects?
On a daily basis, I am called upon to set up new projects such as certain evolutions of the platform. I work in collaboration with the Carenity team (and in particular Jérémy, IT Security Manager) to ensure that all member data is protected, that we do not collect data in an unjustified manner, that information on the processing of data is transparent and accessible to all members... For example, the information is available here regarding the use of the platform.
I also ensure that each time a new survey is put online, people wishing to respond have all the information they need about the objectives of the survey or how the results will be used. I also take care of answering member questions when contacted or concern data protection.
What data is collected at registration and what is it used for?
At registration, members must provide an email address, their date of birth, and select a condition (as a patient, a family member, a caregiver, an interested party, or a patient association representative).
The email address is useful for us to validate the Carenity account and contact the member if necessary. The date of birth allows us to ensure that the person who wishes to register is age of majority. In addition, since the platform is organized around communities, adding a disease allows us to offer more relevant content, information, and forums to our members, which is Carenity's mission.
Who has access to member data?
Not all members of the Carenity team have access to all member data. For example, the Community Managers and I will have access to data that allows members to use the platform to help them if necessary. On the other hand, the team in charge of analyzing the survey results will only have access to the survey responses, etc.
What data is shared with third parties? Under what conditions?
In general, we do not share any personal data of members with third parties.
In particular, when we share survey results, it is in an aggregate form, i.e. it is impossible to identify a member individually. When we work with researchers or physicians on research topics, we sometimes transmit a member's responses in a non-aggregated manner (a series of responses that are known to have been provided by a single person). In this case, this point is always explicitly stated on the introductory page where we present the survey and you can choose not to participate.
Where is the data of Carenity members hosted?
The data is hosted in France by our OVH host, to guarantee maximum security in accordance with European Union standards.
How long have you been at Carenity?
I have been with Carenity since 2016. I also hold the position of Senior Data Analyst. My role is to convey as accurately as possible the opinions and difficulties of members to our partners, in order to constantly improve the services provided to patients.
Any last words?
If you have any questions, please do not hesitate to contact me at firstname.lastname@example.org. I will answer you as soon as possible!