IT providers offering services based on genetic data face serious challenges in managing health data in compliance with the General Data Protection Regulation (GDPR). Based on a literature research and our experiences, an overview of GDPR compliant processing of sensitive data is given. The GDPR requirements for processing sensitive data were specified for a use case concerning a service provider of a pharmacogenomic decision support system. Start-ups who want to enter into the health market also have to comply with the Medical Device Regulation (MDR). The associated efforts for legal compliance constitute an impediment for many start-ups. We created a comprehensive overview, which aligned the requirements of the GDPR with the life-cycle of a medical device. This overview shall help start-ups to grasp and overcome the regulatory hurdles faster.