Manx Care Ltd

€202,000

Non-compliance with general data processing principles

Päätöspäivä

13. heinäkuuta 2022

Viranomainen

Information Commissioner of Isle of Man

IM

Ala

Health Care

Maa

IM

Laki

GDPR

Tila

FINAL

Kuvaus

The DPA of Isle of Man has imposed a fine of EUR 202,000 on Manx Care Ltd. Manx Care had emailed an unsecured attachment containing a patient's confidential health information to more than 1870 recipients. The DPA had subsequently issued an enforcement notice against Manx Care. However, Manx Care had failed to comply with the DPA's orders. As a result, the DPA came to the decision to impose a fine on the company. The DPA primarily found that the company had failed to implement appropriate technical and organizational measures to protect personal data. Also, the DPA found that the company had violated the principle of data minimization according to Art. 5 (1) c) GDPR by sending the patient's data to persons not related to the patient's care. Finally, the DPA found that the company had not informed the data subject of the data breach.

Oikeudelliset viittaukset

Art. 5 (1)Art. 5 (2)Art. 24Art. 25Art. 32Art. 34Art. 58

Asiat ja rikkomukset

Non-compliance with general data processing principles
Näytä virallinen asiakirja
Takaisin sakkotietokantaan
Edellinen Fine
Spanish Data Protection Authority (aepd) - DKV Seg...
Seuraava hieno
Data Protection Authority of Hamburg (HmbBfDI) - C...

Pysy ajan tasalla yksityisyyden suojan valvonnasta

Kunnioitamme yksityisyyttäsi. Yksi sähköpostiviesti kuukaudessa, ei roskapostia, peruuta tilaus milloin tahansa.