Ospedaliero-Universitaria Careggi
€80,000
Insufficient technical and organisational measures to ensure information security
Data deciziei
4 august 2025
Autoritatea
Italian Data Protection Authority (Garante)
IT
Sector
Health Care
Țara
IT
Legea
GDPRStatut
FINALDescriere
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
Citări juridice
Art. 5 (1)Art. 9Art. 25Art. 32
Probleme și încălcări
Insufficient technical and organisational measures to ensure information security