Medical laboratory

€20,000

Insufficient technical and organisational measures to ensure information security

Otsuse kuupäev

19. august 2022

Ametiasutus

Belgian Data Protection Authority (APD)

BE

Sektor

Health Care

Riik

BE

Seadus

GDPR

Staatus

FINAL

Kirjeldus

The Belgian DPA imposed a fine of EUR 20,000 on a medical laboratory. During its investigation, the DPA found that the laboratory had failed to conduct a data protection impact assessment and thus violated Art. 35 GDPR. In addition, the laboratory had violated, Art. 5 (1) f) GDPR and Art. 32 GDPR, as it was possible for physicians to view patients' personal data on the website without encryption. Finally, the DPA found that the laboratory had not published a privacy statement on its website, in violation of Art. 12 GDPR, Art. 13 GDPR and Art. 14 GDPR.

Õiguslikud viited

Art. 5 (1)Art. 12Art. 13Art. 14Art. 32Art. 35 (1)

Probleemid ja rikkumised

Insufficient technical and organisational measures to ensure information security
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
French Data Protection Authority (CNIL) - ACCOR SA...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.