Azienda Sanitaria Locale Roma

€46,000

Insufficient legal basis for data processing

Decision Date

May 26, 2022

Authority

Italian Data Protection Authority (Garante)

IT

Sector

Health Care

Country

IT

Law

GDPR

Status

FINAL

Description

The Italian DPA has fined Azienda Sanitaria Locale Roma EUR 46,000. The healthcare facility had published the names and health information of 1337 patients on its website. In most cases, this involved the health records of the data subjects, including medical documents, disability assessments, tests, technical reports, etc.... In this context, the DPA found that the healthcare institution had processed the data unlawfully as well as violated principle of data minimization.

Legal Citations

Art. 5 (1)Art. 6 (1)Art. 6 (2)Art. 9 (1)Art. 2Art. 2

Issues & Violations

Insufficient legal basis for data processing
View Official Document
Back to Fines Database
Previous Fine
Belgian Data Protection Authority (APD) - Roularta...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.