Medical laboratory

€20,000

Insufficient technical and organisational measures to ensure information security

Data decyzji

19 sierpnia 2022

Władza

Belgian Data Protection Authority (APD)

BE

Sektor

Health Care

Kraj

BE

Prawo

GDPR

Status

FINAL

Opis

The Belgian DPA imposed a fine of EUR 20,000 on a medical laboratory. During its investigation, the DPA found that the laboratory had failed to conduct a data protection impact assessment and thus violated Art. 35 GDPR. In addition, the laboratory had violated, Art. 5 (1) f) GDPR and Art. 32 GDPR, as it was possible for physicians to view patients' personal data on the website without encryption. Finally, the DPA found that the laboratory had not published a privacy statement on its website, in violation of Art. 12 GDPR, Art. 13 GDPR and Art. 14 GDPR.

Cytaty prawne

Art. 5 (1)Art. 12Art. 13Art. 14Art. 32Art. 35 (1)

Problemy i naruszenia

Insufficient technical and organisational measures to ensure information security
Zobacz oficjalny dokument
Powrót do bazy danych grzywien
Previous Fine
French Data Protection Authority (CNIL) - ACCOR SA...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bądź na bieżąco z egzekwowaniem przepisów dotyczących prywatności

Szanujemy Twoją prywatność. Jeden e-mail miesięcznie, bez spamu, zrezygnuj z subskrypcji w dowolnym momencie.