Università Campus Bio-medico di Roma (Polyclinic)
€20,000
Non-compliance with general data processing principles
決定日期
2020年10月26日
權限
Italian Data Protection Authority (Garante)
IT
部門
Public Sector and Education
國家
IT
法律
GDPR狀態
FINAL說明
In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems.
法律引文
Art. 5 (2)Art. 9
問題與違規
Non-compliance with general data processing principles