Ospedaliero-Universitaria Careggi
€80,000
Insufficient technical and organisational measures to ensure information security
Дата принятия решения
4 августа 2025 г.
Авторитет
Italian Data Protection Authority (Garante)
IT
Сектор
Health Care
Страна
IT
Закон
GDPRСтатус
FINALОписание
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
Юридические цитаты
Art. 5 (1)Art. 9Art. 25Art. 32
Проблемы и нарушения
Insufficient technical and organisational measures to ensure information security