Ospedaliero-Universitaria Careggi
€80,000
Insufficient technical and organisational measures to ensure information security
Lēmuma datums
2025. gada 4. augusts
Iestāde
Italian Data Protection Authority (Garante)
IT
Nozare
Health Care
Valsts
IT
Likums
GDPRStatuss
FINALApraksts
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
Juridiskās atsauces
Art. 5 (1)Art. 9Art. 25Art. 32
Jautājumi un pārkāpumi
Insufficient technical and organisational measures to ensure information security