Ospedaliero-Universitaria Careggi
€80,000
Insufficient technical and organisational measures to ensure information security
Sprendimo priėmimo data
2025 m. rugpjūčio 4 d.
Institucija
Italian Data Protection Authority (Garante)
IT
Sektorius
Health Care
Šalis
IT
Teisė
GDPRStatusas
FINALAprašymas
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
Teisinės citatos
Art. 5 (1)Art. 9Art. 25Art. 32
Problemos ir pažeidimai
Insufficient technical and organisational measures to ensure information security