Private healthcare provider

€387

Insufficient technical and organisational measures to ensure information security

Data da decisão

1 de janeiro de 2020

Autoridade

Czech Data Protection Auhtority (UOOU)

CZ

Setor

Health Care

País

CZ

Lei

GDPR

Status

FINAL

Descrição

The Czech DPA (UOOU) conducted an investigation against the operator of a non-governmental medical facility following a security breach. The operator offers a range of diagnostic tests to patients. The results of the tests are subsequently communicated on its website to both patients and physicians who recommended the tests. The reported security breach involved an attack on the operator's website by an unknown individual. Following this incident, the operator stopped operating the website in question and proposed technical measures to increase security. However, the DPA still found that other websites operated by the same operator had the same shortcomings. Yet, the operator did not restrict their operation nor did it take any new technical measures. As a consequence, the UOOU imposed a fine of EUR 387.

Citações legais

Art. 24Art. 32 (1)

Problemas e violações

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Voltar ao banco de dados de multas
Multa anterior
Czech Data Protection Auhtority (UOOU) - Ski renta...
Próxima multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Mantenha-se atualizado sobre a aplicação da privacidade

Respeitamos sua privacidade. Um e-mail por mês, sem spam, cancele sua inscrição a qualquer momento.