GDPR and Regulatory

General Data Protection Regulation (GDPR)

The GDPR (EU Regulation 2016/679) concerns data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU. The primary aim of GDPR is to give citizens control of their personal data and to simplify the regulatory environment within the EU.

GDPR has been incorporated into UK law and compliance has been mandatory since 25th May 2018.

Docobo Compliance with GDPR Legislation

Docobo supplies digital technology enabling health organisations to improve the care of their patients. Within our confidential, secure, resilient and robust digital platforms, our solutions gather, store and analyse various data sets regarding the health and wellbeing of the patients our clients care for.

As a responsible small business which relies on the confidentiality and security of the data we hold, we have always been diligent about demonstrating our compliance with data protection laws and information governance requirements. Our clients can be assured that we’re trustworthy and compliant processors of sensitive health and personal data.

All Docobo solutions meet the applicable key GDPR principles, namely:

  • Lawful, fair and transparent processing
  • Purpose limitation
  • Data minimisation
  • Accurate and up-to-date processing
  • Limitation of storage in a form that permits identification
  • Confidentiality and security
  • Accountability and liability

Docobo’s Fair Processing Notice

The purpose of this notice is to inform you of the way in which we, Docobo Limited, use information (including personal data) about you. In this notice we will explain:

  • Who we are and what we do
  • The types of information we hold about people
  • How we use this information and why we need to do this
  • Who we may share your information with
  • How you can object to the way we use information or complain about this
  • How you can access a copy of the information we hold about you
  • What other rights you may have in relation to this information
  • How we keep your information secure and confidential
  • Where to go if you require further information

This guidance applies to all individuals whose information is used by Docobo, our staff, suppliers, and visitors to our offices.

This information is sometimes known as a ‘Privacy Notice’ or ‘Fair Processing Notice’ and it is a legal obligation under data protection legislation that we provide you with this.

We will review this information regularly and update it as required – so we would recommend that you check this webpage regularly to ensure that you remain informed about the way in which we use your information.

This version was last updated: 16/03/2021


We provide medical-grade digital health solutions which support integrated care, business intelligence and patient monitoring, e.g. for patients with long-term conditions. We’ve been doing this since 2001 and our products support thousands of patients, carers and clinicians.

We fully understand the regulatory and information governance environment and we meet all standards and requirements to ensure patient safety and confidentiality. We know that protecting personal records and commercially sensitive information is essential; to demonstrate our commitment to maintaining a robust approach for managing information security, we have achieved and will continue to maintain:

  • ISO 27001 certification (international standard for implementing an information security management system)
  • ISO 13485 certification (quality management of medical devices)
  • Cyber Essentials Plus (the highest level of certification offered under the Cyber Essentials scheme)

Our solutions are fully IG and Medical Device accredited, and available on multiple procurement frameworks.

We’re enthusiastic supporters of maintaining high standards. This takes us a lot of time and effort, but we want you to be in safe hands.