Primary Health Care in the Capital Area

€34,300

Insufficient legal basis for data processing

Decision Date

February 17, 2025

Authority

Icelandic data protection authority ('Persónuvernd')

IS

Sector

Health Care

Country

IS

Law

GDPR

Status

FINAL

Description

The Icelandic DPA has imposed a fine of EUR 34,300 on the Primary Health Care in the Capital Area. The controller processed personal and health data in shared medical record systems by merging its medical records with those of other parties and granting them access to its patients' records.

Legal Citations

Art. 5 (1)Art. 6 (1)Art. 9 (2)

Issues & Violations

Insufficient legal basis for data processing
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - ORANGE ...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.