Medical association

€4,000

Insufficient fulfilment of data subjects rights

Decision Date

June 20, 2024

Authority

Italian Data Protection Authority (Garante)

IT

Sector

Health Care

Country

IT

Law

GDPR

Status

FINAL

Description

The Italian DPA has imposed a fine of EUR 4,000 on the medical association 'Ordine dei Medici Chirurghi e degli Odontoiatri'. A patient had filed a complaint with the DPA. During its investigation the DPA fount that the controller had not responded to the data subject's request for access to their personal data in a timely manner. Additionally, the controller failed to provide sufficient information regarding the retention period of their personal data.

Legal Citations

Art. 12 (3)Art. 13 (2)Art. 15

Issues & Violations

Insufficient fulfilment of data subjects rights
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - CUI ZSQ...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.