OLVG

€440,000

Insufficient technical and organisational measures to ensure information security

Data della decisione

11 febbraio 2021

Autorità

Dutch Supervisory Authority for Data Protection (AP)

NL

Settore

Health Care

Paese

NL

Legge

GDPR

Stato

FINAL

Descrizione

The Dutch DPA (AP) imposed a fine of EUR 440,000 on the Amsterdam hospital OLVG. The controller had taken insufficient measures between 2018 and 2020 to prevent access by unauthorized employees to medical records. The controller did not check adequately who had access to which file nor did the controller ensure that the computer system presented sufficient security. This resulted, among others, in working students and other employees being able to access patient files without this being necessary for their work. Besides medical records, the patient files also contained, the social security numbers, addresses and telephone numbers of the data subjects.

Citazioni legali

Art. 32

Problemi e violazioni

Insufficient technical and organisational measures to ensure information security
Visualizza il documento ufficiale
Torna al database delle multe
Precedente Multa
Spanish Data Protection Authority (aepd) - Vamavi ...
Prossima ammenda
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rimanete aggiornati sull'applicazione della privacy

Rispettiamo la vostra privacy. Un'email al mese, niente spam, cancellazione in qualsiasi momento.