Doctor

€3,000

Insufficient technical and organisational measures to ensure information security

Date de décision

17 décembre 2020

Autorité

French Data Protection Authority (CNIL)

FR

Secteur

Health Care

Pays

CY

Droit

GDPR

Statut

FINAL

Description

The French DPA (CNIL) fined a doctor EUR 3,000 for violations of Art. 32 GDPR and Art. 33 GDPR. The controller had stored medical image data as MRI and X-ray images as well as personal data such as the names, dates of birth and treatment data of his patients on his computer. The controller had not taken appropriate technical measures to ensure the security of the data, and as a consequence, access to his patients' data was possible for anyone without access protection. The data protection authority notes that the data had been exposed for about four months.

Citations légales

Art. 32Art. 33

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Romanian National Supervisory Authority for Person...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.