Danish Cancer Society

€107,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

29 de septiembre de 2021

Autoridad

Danish Data Protection Authority (Datatilsynet)

DK

Sector

Health Care

País

DK

Ley

GDPR

Estado

FINAL

Descripción

The Danish DPA has fined the Danish Cancer Society EUR 107,000 for failing to comply with the requirements of the GDPR regarding appropriate security measures. The Danish Cancer Society had reported four data breaches according to Art. 33 GDPR to the DPA. Two of these involved computer thefts, two phishing attacks - and all four were due to the Danish Cancer Foundation's failure to implement technical and organizational measures to ensure a level of security appropriate to the risk to data subjects. A similar personal data breach already occurred in August 2018, when the Foundation fell victim to phishing and spoofing hacking attacks. In this context, the Danish Cancer Society stated that it should increase protection through multifactor authentication, however, this was not implemented. The data of at least 1,448 individuals was compromised, and in several cases it involved sensitive personal health data, including medical history.

Citas legales

Art. 32

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Spanish Data Protection Authority (aepd) - ACONCAG...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.