Details:
| Summary | The Icelandic DPA has imposed a fine of EUR 10,600 on HEI – Medical Travel. A data subject had filed a complaint with the DPA against the controller.
The controller had gained access to the data subject’s email via the Icelandic Medical Association’s internal website and had then sent them unsolicited emails. The DPA found that such access was unlawful due to the lack of a valid legal basis. In addition, the data subject had asked the controller for information about the processing of their personal data, such as the origin of the e-mail address. The controller did not properly comply with this request. |
| Link: | link |
| Related articles: | Art. 15 (1), (3) GDPR, Art. 9 (1) Act 90/2018, Art. 17 (2) Act 90/2018 |
| Type: | Insufficient fulfilment of data subjects rights |
| Fine: | EUR 10,600 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/