Medicals Nordic I/S
Non-compliance with general data processing principles
Lēmuma datums
2021. gada 9. jūlijs
Iestāde
Danish Data Protection Authority (Datatilsynet)
DK
Nozare
Health Care
Valsts
DK
Likums
GDPRStatuss
FINALApraksts
The Danish DPA (Datatilsynet) has fined Medicals Nordic I/S EUR 80,700. In January 2021, the DPA became aware that Medicals Nordic was using WhatsApp to transmit confidential information and health data about citizens being tested in the company's test centres. All employees working in a test centre were invited to a WhatsApp group associated with the test centre. The members of these WhatsApp groups received all the messages transmitted by other employees in the groups. The employees shared confidential information about citizens to the company's central administration through those WhatsApp groups. This meant that employees who, did not have a work-related need to process information - which other employees had to transmit to the central administration - nevertheless received the information, which included, inter alia, personal identity numbers and health data of citizens.