Manx Care Ltd

€202,000

Non-compliance with general data processing principles

Decision Date

13 de julho de 2022

Authority

Information Commissioner of Isle of Man

IM

Sector

Health Care

Country

IM

Law

GDPR

Status

FINAL

Description

The DPA of Isle of Man has imposed a fine of EUR 202,000 on Manx Care Ltd. Manx Care had emailed an unsecured attachment containing a patient's confidential health information to more than 1870 recipients. The DPA had subsequently issued an enforcement notice against Manx Care. However, Manx Care had failed to comply with the DPA's orders. As a result, the DPA came to the decision to impose a fine on the company. The DPA primarily found that the company had failed to implement appropriate technical and organizational measures to protect personal data. Also, the DPA found that the company had violated the principle of data minimization according to Art. 5 (1) c) GDPR by sending the patient's data to persons not related to the patient's care. Finally, the DPA found that the company had not informed the data subject of the data breach.

Legal Citations

Art. 5 (1)Art. 5 (2)Art. 24Art. 25Art. 32Art. 34Art. 58

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - DKV Seg...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.