Medical association

€3,000

Insufficient legal basis for data processing

Decision Date

9 de maio de 2024

Authority

Italian Data Protection Authority (Garante)

IT

Sector

Health Care

Country

IT

Law

GDPR

Status

FINAL

Description

The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspended them for not fulfilling the COVID-19 vaccination obligation and also informed their employer of this. An email from the association requesting notification of the employer was inadvertently sent to other individuals, as a result of which their email addresses and vaccination status became known.

Legal Citations

Art. 5 (1)Art. 6Art. 2

Issues & Violations

Insufficient legal basis for data processing
View Official Document
Back to Fines Database
Previous Fine
Italian Data Protection Authority (Garante) - Azzu...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.