Details:
| Summary | Between February and June 2020, a private individual published information about patients on his personal Facebook page. The information included health data in terms of Art. 4 (15) GDPR. In detail, the published data comprised patient names, diagnostic findings, medical diagnoses, medication data, data on hospital admissions and discharges, patients’ social security numbers and the names of the treating physicians. |
| Link: | link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 600 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/