The EU General Data Protection Regulation (GDPR) has now been in force for almost three years. However, considerable legal uncertainty remains, particularly in the health sector. Abstract data protection requirements often make it difficult to implement concrete measures in health care facilities. Moreover, especially regarding the processing of sensitive health data, the demands made on data protection practice are high, and many exceptions from the basic rules are scattered among various special laws. There is therefore a strong desire for a general orientation guide. The presentation "Data Protection for Doctors and Healthcare Institutions" is intended to provide an understanding of specific problem points and to address possible solutions for dealing with them, taking into account the latest developments in data protection law.