Private healthcare provider

€387

Insufficient technical and organisational measures to ensure information security

Beslissingsdatum

1 januari 2020

Autoriteit

Czech Data Protection Auhtority (UOOU)

CZ

Sector

Health Care

Land

CZ

Wet

GDPR

Status

FINAL

Beschrijving

The Czech DPA (UOOU) conducted an investigation against the operator of a non-governmental medical facility following a security breach. The operator offers a range of diagnostic tests to patients. The results of the tests are subsequently communicated on its website to both patients and physicians who recommended the tests. The reported security breach involved an attack on the operator's website by an unknown individual. Following this incident, the operator stopped operating the website in question and proposed technical measures to increase security. However, the DPA still found that other websites operated by the same operator had the same shortcomings. Yet, the operator did not restrict their operation nor did it take any new technical measures. As a consequence, the UOOU imposed a fine of EUR 387.

Juridische citaten

Art. 24Art. 32 (1)

Problemen en overtredingen

Insufficient technical and organisational measures to ensure information security
Officieel document bekijken
Terug naar de database met boetes
Vorige boete
Czech Data Protection Auhtority (UOOU) - Ski renta...
Volgende boete
Data Protection Authority of Hamburg (HmbBfDI) - C...

Blijf op de hoogte van privacybescherming

We respecteren je privacy. Eén e-mail per maand, geen spam, afmelden kan altijd.