Have you seen the new European Medical Device Regulation (MDR)?
Especially classification rule 11 for software makes things interesting. Regulatory compliance is going to be difficult/costly for SMEs...
I was thinking the same thing. The regulation makes sense when purely looking at consumer/patient protection, but it really hurts competition and innovation. I would not be surprised if rule 11 gets revised. If you don't know: rule 11 states that all software that guides decision making on health issues is classified as higher risk. Basically any health-related website or app is in scope and will need a certified quality management system. Very expensive to implement.
You still can. There is an exception to the MDR rule that says: "Information systems that are intended only to store, archive and transfer data are not qualified as medical devices in themselves."
It's really not that hard to comply with GDPR. The easiest way is not storing PII, and if you do, only do so with consent and have a way of deleting that data. That's already 80% of compliance.
True, and that's my default approach. But what about building an ML dataset and model?
Also, aren't we supposed to gather consent for every use, separately? And not prevent users from using the service should they refuse to share their data?
Or am I just confused, and should just spend more time looking into it, or pay some (supposedly expert) (expensive) lawyer?
"Does anyone else than big, established companies have the means to really properly comply with that? Heck, I don't even know how to comply!"