ASST di Lodi

€1,000

Insufficient technical and organisational measures to ensure information security

Date de décision

26 avril 2022

Autorité

Italian Data Protection Authority (Garante)

IT

Secteur

Health Care

Pays

IT

Droit

GDPR

Statut

FINAL

Description

The Italian DPA (Garante) has imposed a fine of EUR 1,000 on ASST di Lodi. The healthcare facility had reported a data breach to the DPA pursuant to Art. 33 GDPR. A patient had provided two contacts for their medical affairs. The facility had been explicitly authorized to obtain medical information of the patient from these two persons in case of emergency. In the context of an important diagnostic examination of the patient, the two authorized contacts were not reachable, so a healthcare facility employee asked a family member they personally knew for the information. During its investigation, the DPA found that the healthcare facility processed the data subject's information without the data subject's consent and, therefore, without a valid legal basis. In addition, the DPA concluded that the healthcare facility had not taken appropriate technical and organizational measures to protect personal data in order to prevent such incidents.

Citations légales

Art. 5 (1)Art. 9Art. 32

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Spanish Data Protection Authority (aepd) - MOVALIA...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.