Details:
| Summary | The Dutch DPA (AP) has fined an orthodontic clinic EUR 12,000. The web form that new patients used to sign up contained mandatory fields for all sorts of patient personal data. The data that the patients (mostly children) entered into the form was then sent to the orthodontic clinic via an unencrypted – and thus unsecured – connection. This presented the risk of unauthorized third parties accessing the personal data of the data subjects. |
| Link: | link |
| Related articles: | Art. 32 (1) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 12,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/