Azienda sanitaria locale di Bari
€50,000
Non-compliance with general data processing principles
Ημερομηνία απόφασης
2 Μαρτίου 2023
Αρχή
Italian Data Protection Authority (Garante)
IT
Τομέας
Health Care
Χώρα
IT
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The Italian DPA has imposed a fine of EUR 50,000 on Azienda sanitaria locale di Bari. The healthcare facility had published reviews of former patients on the Internet and provided access to hundreds of documents on which it was possible to identify the patients. The information about the patients had been crudely redacted, but not enough to prevent the data from being disclosed. In particular, information about the patients' state of health, clinical data on operations, diagnoses, etc. were visible.
Νομικές παραπομπές
Art. 5 (1)Art. 9Art. 25 (1)
Θέματα & Παραβάσεις
Non-compliance with general data processing principles