Compliance: an obligation and an opportunity

Our compliance with regulations such as MDR and GDPR supports your ability to operate legally and effectively in the modern healthcare environment while keeping data safe and private.

Why is compliance important?

ResMed takes regulatory compliance seriously. Healthcare, data and information technology regulators are developing increasingly rigorous frameworks to ensure people’s personal data – especially sensitive health data – are protected at all stages of data collection, storage and analysis. They are also regulating medical devices, to ensure they deliver a high standard of performance, safety and usability at all stages in the product life cycle.


To operate in a fully compliant manner in the healthcare environment, ResMed and its partners must comply with relevant rules, regulations and standards. We also choose to comply, because we believe that compliance creates opportunities for us to innovate and develop more effective, agile solutions that benefit all players in the healthcare environment. For example:

Regulations establish standards in security and privacy, making it easier for ResMed and its partners to drive improvements to our data-enabled ecosystem.

Independently audited certifications (such as ISO 27001 and HDS) provide healthcare partners and patients with objective, tangible assurance about the quality of ResMed’s systems and processes, building our reputation as a reliable, ethical organisation.

Real-life data collection, as required by the EU’s Medical Device Regulation (MDR), will extend our ability to improve our devices and solutions and support our objective of unlocking improvements in patient health and quality of life.

Rigorous regulation for clarity and assurance

The European regulations that apply to ResMed, notably GDPR for data protection and MDR for device safety and performance, are designed to be demanding. As a result, you can feel confident about the quality, robustness and rigour of our security and privacy systems, processes and protocols and the quality, safety and performance of our medical devices.

MDR, to improve quality and safety

The European Medical Device Regulation (MDR) is an EU regulation that governs the design, production and distribution of medical devices in Europe. It is due to come into force in May 2021. MDR requires medical device manufacturers, importers and distributors to gather, record and analyse data on quality, usability and safety across each device’s lifespan in order to manage risks and improve performance.

To comply with MDR, ResMed’s Quality Management System (QMS) will process real-life data from our devices for our post-market surveillance system (PMSS). This is in addition to the passive data (e.g. complaints, field reports, audits) and proactive data (e.g. clinical studies, customer surveys, research publications) that are already collected. Processing real-life data will enable us to better meet our regulatory obligations under MDR and continuously improve our standards of product quality and safety.

GDPR, to ensure data protection and privacy

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy that applies to all individuals within the European Union (EU) and European Economic Area (EEA). It is one of the toughest privacy and security laws in the world. ResMed aims to comply in full with the challenging demands of GDPR. This enables us to protect the data of our healthcare partners and their patients and to provide reassurance and support with regard to their own GDPR responsibilities.