Azienda Ospedaliero Universitaria Senese
€50,000
Non-compliance with general data processing principles
Dátum rozhodnutia
27. januára 2021
Úrad
Italian Data Protection Authority (Garante)
IT
Sektor
Health Care
Krajina
IT
Právo
GDPRStav
FINALPopis
The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria Senese EUR 50,000. The controller, a hospital, had reported to the Italian DPA that a couple's medical report had been mistakenly sent to an uninvolved third party. The report contained information about a genetic consultation and the health status and sex life of the data subjects. The incident occurred due to an error in packaging the letter, according to a statement from the controller.
Právne citácie
Art. 5 (1)Art. 9
Problémy a porušenia
Non-compliance with general data processing principles