Unknown

€19,000

Insufficient fulfilment of data breach notification obligations

Date de décision

5 janvier 2021

Autorité

Polish National Personal Data Protection Office (UODO)

PL

Secteur

Not assigned

Pays

CZ

Droit

GDPR

Statut

FINAL

Description

The Polish DPA (UODO) imposed a fine of EUR 19,000 on a hospital operator. A former employee had unlawfully copied the personal data of 100 patients from the hospital's computer network. The leaked data included the social security number, name, date of birth, address and telephone number of the data subjects. Although the controller considered the potential risk to the data subjects to be high, she had not informed the data subjects about the incident. The DPA then requested the controller to immediately inform the data subjects about the incident and provide them with advice on how to minimize the potential negative impact of the breach. However, the controller did not comply with this request.

Citations légales

Art. 34 (1)Art. 58 (2)

Questions et violations

Insufficient fulfilment of data breach notification obligations
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Polish National Personal Data Protection Office (U...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.