OLVG

€440,000

Insufficient technical and organisational measures to ensure information security

Datum der Entscheidung

11. Februar 2021

Behörde

Dutch Supervisory Authority for Data Protection (AP)

NL

Sektor

Health Care

Land

NL

Recht

GDPR

Status

FINAL

Beschreibung

The Dutch DPA (AP) imposed a fine of EUR 440,000 on the Amsterdam hospital OLVG. The controller had taken insufficient measures between 2018 and 2020 to prevent access by unauthorized employees to medical records. The controller did not check adequately who had access to which file nor did the controller ensure that the computer system presented sufficient security. This resulted, among others, in working students and other employees being able to access patient files without this being necessary for their work. Besides medical records, the patient files also contained, the social security numbers, addresses and telephone numbers of the data subjects.

Juristische Zitate

Art. 32

Probleme und Verstöße

Insufficient technical and organisational measures to ensure information security
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Spanish Data Protection Authority (aepd) - Vamavi ...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.