Università Campus Bio-medico di Roma (Polyclinic)
€20,000
Non-compliance with general data processing principles
Lēmuma datums
2020. gada 26. oktobris
Iestāde
Italian Data Protection Authority (Garante)
IT
Nozare
Public Sector and Education
Valsts
IT
Likums
GDPRStatuss
FINALApraksts
In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems.
Juridiskās atsauces
Art. 5 (2)Art. 9
Jautājumi un pārkāpumi
Non-compliance with general data processing principles