Details:
| Summary | The Italian DPA has imposed a fine of EUR 6,000 on A.R.N.A.S. Civico. Two employees of the controller had filed a complaint with the DPA. During its investigation, the DPA found that the controller had published two documents containing personal health data of the data subjects on the Internet without their consent, thus making them available to the public. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 2-ter Codice della privacy, Art. 2-septies (8) Codice della privacy |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 6,000 |
| Sector | Employment |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/