Manx Care Ltd

€202,000

Non-compliance with general data processing principles

Data della decisione

13 luglio 2022

Autorità

Information Commissioner of Isle of Man

IM

Settore

Health Care

Paese

IM

Legge

GDPR

Stato

FINAL

Descrizione

The DPA of Isle of Man has imposed a fine of EUR 202,000 on Manx Care Ltd. Manx Care had emailed an unsecured attachment containing a patient's confidential health information to more than 1870 recipients. The DPA had subsequently issued an enforcement notice against Manx Care. However, Manx Care had failed to comply with the DPA's orders. As a result, the DPA came to the decision to impose a fine on the company. The DPA primarily found that the company had failed to implement appropriate technical and organizational measures to protect personal data. Also, the DPA found that the company had violated the principle of data minimization according to Art. 5 (1) c) GDPR by sending the patient's data to persons not related to the patient's care. Finally, the DPA found that the company had not informed the data subject of the data breach.

Citazioni legali

Art. 5 (1)Art. 5 (2)Art. 24Art. 25Art. 32Art. 34Art. 58

Problemi e violazioni

Non-compliance with general data processing principles
Visualizza il documento ufficiale
Torna al database delle multe
Precedente Multa
Spanish Data Protection Authority (aepd) - DKV Seg...
Prossima ammenda
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rimanete aggiornati sull'applicazione della privacy

Rispettiamo la vostra privacy. Un'email al mese, niente spam, cancellazione in qualsiasi momento.