Università Campus Bio-medico di Roma (Polyclinic)
€20,000
Non-compliance with general data processing principles
Ημερομηνία απόφασης
26 Οκτωβρίου 2020
Αρχή
Italian Data Protection Authority (Garante)
IT
Τομέας
Public Sector and Education
Χώρα
IT
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems.
Νομικές παραπομπές
Art. 5 (2)Art. 9
Θέματα & Παραβάσεις
Non-compliance with general data processing principles