opensky Data Systems UK, Ireland, France, Middle-East Formed: 2004 Headquartered: Kildare, Ireland Offices: Ireland, Poland Business market: UK, Ireland, France, Middle-East opensky Data Systems is a Data, Information and Digital Partner to some of the most innovative government teams in Ireland and the UK . With special focus and experience in Health, Transport, Environment and Retail system development, the company is equipped to solve the most complex of data and technology challenges. opensky have worked with Irelands National Health Service for several years and developed a suite of unique e-Health applications. We have worked with universities who are involved in medical research. You need to click to move to next slide

Designed and Developed : Health Designed and Developed : Irelands Single Assessment Tool for Elder Care Planning and Assessments within Acute Care, Home Care and Community Settings Structured Patient Educations System Fair Deals Private Care Homes Health Funding System for Irish Government Cervical Screening System Immunisation System Trainee Consultant Employment Portal Opensky Workpackages T2.4 Privacy and Security Research on Privacy and security requirements and ensuring the overall design and user interface is built in compliance with best practices for data protection T3.2 Front End GUI Implementation Building front-end integration with the Sensor platform to surface the control and visualisation of the built in algorithms and overall platform management to the end-user

Opensky Team Health Project Manager Alan Fitzpatrick   Alan Fitzpatrick Manage Project Requirements 1st Escalation Point Manage Project Deliverables Development Manage Rollout Coordination with partners Data Protection & Security Analysis Rosarie Lucey Privacy & Data Protection Review Security Testing Integration Test Technical Specialist Aleh Holub Usability Development Secure design development Unit Test

Benefits of CARELINK to opensky Health Enhancing a core skill in security and data protection: with the imminent compliance with the new EU General Data Protection Regulation on 25th of May 2018, many businesses are investing in resources to achieve compliance to avoid heavy penalties, which come with breaches of this new regulation (4% of global turnover). Many of opensky’s Government customers in the UK and Ireland are showing increased concern that their IT systems will not comply. While working on CARELINK, opensky is looking instead to build on the data protection & security advisory service within its software development process. Experience in working with IoT architectures: CARELINK is provisioning an Internet of Things platform to provide the monitoring and reporting on a Dementia sufferers through wearable devices. opensky’s current services and products currently employ enterprise web and mobile architectures, however building experience and skills in utilising connected devices will enrich the capabilities of our team and enhance the potential for future opportunities. Innovation in Health Education Platforms: opensky is currently working on a health application to host structured training for those suffering chronic diseases (initially diabetes) and tools to measure the clinical markers which identify the effectiveness of structured training for better health outcomes for those suffering from Chronic disease. CARELIINK gives opensky the opportunity both to work with UNINOVA to understand the health education possibilities for those suffering from dementia.

Health T2.4 Privacy and Security Taking the requirements defined in WP2, as well as the ethical issues pertaining to each component with regards to privacy and security matters, as outlined in WP1, the user and testing scenarios will be enhanced by specific privacy and security requirements with the end user protection at the forefront of the process. Research on Privacy and security requirements and ensuring the overall design and user interface is built in compliance with best practices for data protection Opensky are ISO 27001 Information Security accredited Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

T2.4 Privacy and Security Data Protection by Design and Default: Health T2.4 Privacy and Security Data Protection by Design and Default: Methods to ensure privacy by design: Use of DPIA, Data Minimisation, Data deletion & Retention and Anonymization, Consent Management A Data Privacy Impact assessment is a process which assists organisations in identifying and minimising the privacy risks of new projects or policies. Subject Access Request Management Implementing Security measures such as incorporating SSL certs, strong password and brute force prevention, database security employing encryption, auditing, role based access and permissions. Privacy by Default: When a system includes choices for the individual on how much personal data to provide, the default is set to most privacy friendly.

Definitions Personal Data: any data that identifies a living person Health Definitions Personal Data: any data that identifies a living person Sensitive Personal Data: ethnicity, religious belief, sex life, philosophical beliefs, trade union membership, physical or mental health, criminal convicions (or allegations thereof) DPIA: Data Privacy Impact Assessment Data Subject: user or person Data Controller: defines the data collected and reasons Data Processor: processes data on behalf of the data controller Supervisory Authority: Data Regulator Profiling: use of personal data to evaluate certain personal aspects relating to a natural person i.e. to analyse or predict aspects concerning work performance, economic situation , health, personal preferences, behaviour etc.

T2.4 Privacy and Security Rights of Data Subject under GDPR: Health T2.4 Privacy and Security Rights of Data Subject under GDPR: Right to be Informed (transparency) Right of Access Right to Rectification Right to Erasure (‘right to be forgotten’) Right to restriction of processing Right to portability Right to object Right to object to automated individual decision making