Patientvoice

DPIA overview

A short, public summary of our risk assessment for processing personal data of healthcare providers. The formal Data Protection Impact Assessment is held internally; this page summarises its main points. Version 1.0.

Version effective from 2026-05-12.

What processing

Patientvoice processes the name, profession, optional BIG number, optional employer link, and public references (LinkedIn, ZorgkaartNederland, annual reports) of healthcare providers in mental healthcare, and publishes experiences, submitted anonymously by visitors, that are linked to those providers.

Purpose and proportionality

Purpose: enable patients and their loved ones to share and consult experiences with mental healthcare, supporting free choice of provider and collective checks and balances in a sector where patients are structurally in the weaker position.

Proportionality: only professional data is processed. No private data (family, religion, home address). No special categories of personal data. No automated decision-making with legal effect. Processing is limited to what is necessary.

Legal basis

Article 6(1)(f) GDPR (legitimate interest). Balancing test: the interest of patients in information and free choice of provider outweighs the privacy interest of the provider, provided that (a) only professional data is processed, (b) an effective code of conduct is followed, and (c) providers can reply and request motivated removal. This follows the line set by the District Court of Overijssel in ECLI:NL:RBOVE:2019:3755.

Risks and mitigations

Risk 1 — inaccurate or offensive experience: mitigated by (a) a code of conduct shown inline at submission, (b) an automated check on every experience that names a provider, flagging factual inaccuracies, slurs and accusations of crimes, (c) manual review on red flags, (d) a 48-hour takedown procedure.

Risk 2 — unjust reputational harm: mitigated by a right to reply once the provider has claimed and verified their profile, plus the takedown route with a justified/unjustified framework.

Risk 3 — unrestricted spread via search engines: mitigated by noindex on profiles where the provider has requested removal or where the employer is unknown.

Risk 4 — data breach: mitigated by HTTPS, restricted server access, no tracking cookies, encrypted backups, limited retention.

Risk 5 — claim abuse (someone falsely claiming a provider's profile): mitigated by verification of the BIG number, an email confirmation loop, and a manual check on any mismatch.
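The claim-verification flow of Risk 5, as an added illustration in Python that is not the Patientvoice code base's own implementation. It assumes a profile may carry a BIG number, compares the claimant's submitted number against it, sends a single-use, time-limited token by email only on a match, and routes a mismatch (or, an assumption here, a profile with no BIG number on file) to manual review. The mailer is replaced by an in-memory outbox, the token lifetime is assumed, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Illustrative claim-verification flow (hypothetical names, not the
# Patientvoice code base). The three outcomes mirror Risk 5: BIG-number
# match -> email loop; mismatch, or no BIG number on file -> manual review.

TOKEN_TTL_SECONDS = 24 * 3600  # assumed validity window for the email link


@dataclass
class Profile:
    provider_id: str
    big_number: Optional[str]  # BIG number shown on the public profile, if any


@dataclass
class Claim:
    provider_id: str
    submitted_big: str
    email: str
    status: str = "pending"  # awaiting_email | manual_review | verified | rejected
    token_hash: Optional[str] = None  # only the hash is stored, never the token
    expires_at: float = 0.0


def normalise_big(big: str) -> str:
    """Keep digits only so '1234 5678 901' and '12345678901' compare equal."""
    return "".join(ch for ch in big if ch.isdigit())


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ClaimService:
    def __init__(self, profiles: List[Profile], now: Callable[[], float] = time.time):
        self.profiles: Dict[str, Profile] = {p.provider_id: p for p in profiles}
        self.claims: Dict[str, Claim] = {}
        self.outbox: List[Tuple[str, str]] = []  # (email, token) a real mailer would send
        self.now = now  # injectable clock so expiry can be tested offline

    def start_claim(self, provider_id: str, submitted_big: str, email: str) -> str:
        """Open a claim; returns an opaque claim id."""
        profile = self.profiles[provider_id]
        claim = Claim(provider_id, submitted_big, email)
        on_file = profile.big_number
        if on_file is None or not hmac.compare_digest(
            normalise_big(submitted_big), normalise_big(on_file)
        ):
            claim.status = "manual_review"  # mismatch or nothing to compare: human check
        else:
            token = secrets.token_urlsafe(32)  # unguessable, sent only to the given address
            claim.token_hash = _hash_token(token)
            claim.expires_at = self.now() + TOKEN_TTL_SECONDS
            claim.status = "awaiting_email"
            self.outbox.append((email, token))
        claim_id = secrets.token_hex(8)
        self.claims[claim_id] = claim
        return claim_id

    def confirm_email(self, claim_id: str, token: str) -> str:
        """Complete the email loop; returns 'verified', 'expired' or 'rejected'."""
        claim = self.claims.get(claim_id)
        if claim is None or claim.status != "awaiting_email" or claim.token_hash is None:
            return "rejected"
        if self.now() > claim.expires_at:
            claim.status = "rejected"
            return "expired"
        if not hmac.compare_digest(_hash_token(token), claim.token_hash):
            return "rejected"  # wrong token: the claim stays open for the genuine link
        claim.status = "verified"
        claim.token_hash = None  # single use: the same link cannot verify twice
        return "verified"

    def status(self, claim_id: str) -> str:
        return self.claims[claim_id].status
```

Two details are deliberate: only the hash of the token is stored, so a database leak does not hand out live claim links, and the comparisons use constant-time equality. Rate limiting of confirmation attempts per claim is not shown and would belong in front of confirm_email.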

Rights of data subjects

Access, rectification, erasure, reply and objection, as described in the privacy policy. For providers: a takedown button on the profile and on every experience. Turnaround: 48 hours for justified requests.

Audit

Every takedown decision is logged with its motivation and date. This log is available for external requests (Data Protection Authority, court).

Review

This DPIA is reviewed at least annually, and sooner on significant changes (e.g. new data sources, new audiences, new case law).

Questions or feedback on this page? Email joost@start24.nl.

Patientvoice is an open-source platform. Stories on this site are personal experiences, not factual statements.

Code on GitHub · MIT licence