The General Data Protection Regulation (GDPR) is the UK and EU's data protection law. It ensures that personal data is processed lawfully, fairly, and transparently, with appropriate security measures.

• Special Category Data: HealthTag processes sensitive health data, which requires enhanced protection under GDPR.
• Vital Interests: Emergency access to medical data is justified under GDPR's vital interests basis.
• User Rights: Users have full control over their data with rights to access, modify, and delete their information.
• Legal Compliance: Ensures HealthTag operates within UK and EU data protection laws.

• Explicit consent for data processing with clear privacy notices
• Granular privacy controls allowing users to manage data visibility
• Data minimization - only collecting necessary medical information
• Secure data storage and transmission with encryption
• User rights implementation (access, rectification, erasure)