HEI – Medical Travel

€10,600

Insufficient fulfilment of data subjects rights

Decision Date

May 3, 2022

Authority

Icelandic data protection authority ('Persónuvernd')

IS

Sector

Health Care

Country

IS

Law

GDPR

Status

FINAL

Description

The Icelandic DPA has imposed a fine of EUR 10,600 on HEI - Medical Travel. A data subject had filed a complaint with the DPA against the controller. The controller had gained access to the data subject's email via the Icelandic Medical Association's internal website and had then sent them unsolicited emails. The DPA found that such access was unlawful due to the lack of a valid legal basis. In addition, the data subject had asked the controller for information about the processing of their personal data, such as the origin of the e-mail address. The controller did not properly comply with this request.

Legal Citations

Art. 15 (1)Art. 9 (1)Art. 17 (2)

Issues & Violations

Insufficient fulfilment of data subjects rights
View Official Document
Back to Fines Database
Previous Fine
Icelandic data protection authority ('Persónuvernd...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.