Østfold HF Hospital

€112,000

Insufficient technical and organisational measures to ensure information security

Datum der Entscheidung

22. Juni 2020

Behörde

Norwegian Supervisory Authority (Datatilsynet)

NO

Sektor

Health Care

Land

NO

Recht

GDPR

Status

FINAL

Beschreibung

It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.

Juristische Zitate

Art. 32

Probleme und Verstöße

Insufficient technical and organisational measures to ensure information security
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Spanish Data Protection Authority (aepd) - Comunid...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.