Orthodontic Clinic
€12,000
Insufficient technical and organisational measures to ensure information security
Дата на решението
4 февруари 2021 г.
Орган
Dutch Supervisory Authority for Data Protection (AP)
NL
Сектор
Health Care
Държава
NL
Право
GDPRСтатус
FINALОписание
The Dutch DPA (AP) has fined an orthodontic clinic EUR 12,000. The web form that new patients used to sign up contained mandatory fields for all sorts of patient personal data. The data that the patients (mostly children) entered into the form was then sent to the orthodontic clinic via an unencrypted - and thus unsecured - connection. This presented the risk of unauthorized third parties accessing the personal data of the data subjects.
Правни цитати
Art. 32 (1)
Въпроси и нарушения
Insufficient technical and organisational measures to ensure information security