Unknown

€19,000

Insufficient fulfilment of data breach notification obligations

Datum för beslut

5 januari 2021

Myndighet

Polish National Personal Data Protection Office (UODO)

PL

Sektor

Not assigned

Land

CZ

Lag

GDPR

Status

FINAL

Beskrivning

The Polish DPA (UODO) imposed a fine of EUR 19,000 on a hospital operator. A former employee had unlawfully copied the personal data of 100 patients from the hospital's computer network. The leaked data included the social security number, name, date of birth, address and telephone number of the data subjects. Although the controller considered the potential risk to the data subjects to be high, she had not informed the data subjects about the incident. The DPA then requested the controller to immediately inform the data subjects about the incident and provide them with advice on how to minimize the potential negative impact of the breach. However, the controller did not comply with this request.

Rättsliga hänvisningar

Art. 34 (1)Art. 58 (2)

Frågor och överträdelser

Insufficient fulfilment of data breach notification obligations
Visa officiellt dokument
Tillbaka till databasen för böter
Föregående Fine
Polish National Personal Data Protection Office (U...
Nästa Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Håll dig uppdaterad om efterlevnaden av sekretessreglerna

Vi respekterar din integritet. Ett e-postmeddelande per månad, ingen skräppost, avsluta prenumerationen när som helst.