Can I collect the data myself from my own hospital and thus avoid the data controller’s collection fee?

Yes, you can, if this is okay with the controller. The controller has the right to determine independently the manner in which it carries out the extraction, and it has the right to use an external processor to carry out the data extraction.

If such processors are used, the EU General Data Protection Regulation (GDPR) requires that a data protection agreement (DPA) covering the processing of personal data is signed with them. The controller is ultimately responsible for ensuring that the personal data is processed in a legal manner. The processor, meanwhile, is responsible for ensuring that it complies with the terms of the DPA and the instructions of the controller.

The collected data must be delivered to Findata securely via the transfer service Nextcloud, after which we combine and pre-process them.