Menzis (Health Insurance Company)

€50,000

Non-compliance with general data processing principles

Dato for beslutning

31. oktober 2019

Dutch Supervisory Authority for Data Protection (AP)

Finance, Insurance and Consulting

GDPR

FINAL

Marketing staff had access to patient data. Among other things, this violated the purpose limitation principle.

Art. 5

Non-compliance with general data processing principles