Hospital

€4,000

Non-compliance with general data processing principles

Fecha de la decisión

24 de marzo de 2025

Autoridad

Croatian Data Protection Authority (azop)

HR

Sector

Health Care

País

DE

Ley

GDPR

Estado

FINAL

Descripción

The Croation DPA (AZOP) has imposed a fine of EUR 4,000 on a hospital. The AZOP found that the hospital used a company which automatically retrieved personal data of vehicle owners via the Ministry of the Interior's web service without a legal basis, to issue parking fines for vehicle owners. Additionally, the hospital failed to inform parking users transparently and in accordance with legal requirements about the processing of their personal data related to parking fees. Furthermore, the hospital did not implement appropriate organizational measures to protect the data and lacked a contractual agreement with the external commercial company processing the data. The hospital was fined for breaching Art. 13, Art. 14 (2)(f), Art. 25 (1) and Art. 28(3) GDPR.

Citas legales

Art. 13Art. 14 (2)Art. 25 (1)Art. 28 (3)

Problemas e infracciones

Non-compliance with general data processing principles
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Croatian Data Protection Authority (azop) - Hospit...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.