Menzis (Health Insurance Company)

€50,000

Non-compliance with general data processing principles

Decision Date

October 31, 2019

Dutch Supervisory Authority for Data Protection (AP)

Finance, Insurance and Consulting

GDPR

FINAL

Marketing staff had access to patient data. Among other things, this violated the purpose limitation principle.

Art. 5

Non-compliance with general data processing principles