Motor insurance center

€52,000

Non-compliance with general data processing principles

Fecha de la decisión

16 de diciembre de 2021

Autoridad

Deputy Data Protection Ombudsman

FI

Sector

Finance, Insurance and Consulting

País

FI

Ley

GDPR

Estado

FINAL

Descripción

The Finnish DPA has fined a motor insurance center EUR 52,000. The controller had excessively requested patient data from within the healthcare system for the purpose of processing claims. However, much of the data was not necessary to process the claims. For example, the DPA found that the motor vehicle insurance center had also collected patient visit notes to determine whether the health care provider had billed for visits that were not related to the examination or treatment of injuries caused by the accident. The DPA notes that the Finnish Motor Insurance Act does not justify direct access to all patient data, but that the information requested must be necessary for the processing of the claim. For this reason, the authority recognized a violation of the principles of legality and transparency as well as data minimization in practice.

Citas legales

Art. 5 (1)Art. 25 (2)

Problemas e infracciones

Non-compliance with general data processing principles
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Deputy Data Protection Ombudsman - Travel agency...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.