Manx Care Ltd

€202,000

Non-compliance with general data processing principles

Datum der Entscheidung

13. Juli 2022

Behörde

Information Commissioner of Isle of Man

IM

Sektor

Health Care

Land

IM

Recht

GDPR

Status

FINAL

Beschreibung

The DPA of Isle of Man has imposed a fine of EUR 202,000 on Manx Care Ltd. Manx Care had emailed an unsecured attachment containing a patient's confidential health information to more than 1870 recipients. The DPA had subsequently issued an enforcement notice against Manx Care. However, Manx Care had failed to comply with the DPA's orders. As a result, the DPA came to the decision to impose a fine on the company. The DPA primarily found that the company had failed to implement appropriate technical and organizational measures to protect personal data. Also, the DPA found that the company had violated the principle of data minimization according to Art. 5 (1) c) GDPR by sending the patient's data to persons not related to the patient's care. Finally, the DPA found that the company had not informed the data subject of the data breach.

Juristische Zitate

Art. 5 (1)Art. 5 (2)Art. 24Art. 25Art. 32Art. 34Art. 58

Probleme und Verstöße

Non-compliance with general data processing principles
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Spanish Data Protection Authority (aepd) - DKV Seg...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.