Medical association

€3,000

Insufficient legal basis for data processing

Decision Date

May 9, 2024

Authority

Italian Data Protection Authority (Garante)

IT

Sector

Health Care

Country

IT

Law

GDPR

Status

FINAL

Description

The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspended them for not fulfilling the COVID-19 vaccination obligation and also informed their employer of this. An email from the association requesting notification of the employer was inadvertently sent to other individuals, as a result of which their email addresses and vaccination status became known.

Legal Citations

Art. 5 (1)Art. 6Art. 2

Issues & Violations

Insufficient legal basis for data processing
View Official Document
Back to Fines Database
Previous Fine
Italian Data Protection Authority (Garante) - Azzu...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.