Details:
| Summary | The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria Senese EUR 50,000. The controller, a hospital, had reported to the Italian DPA that a couple’s medical report had been mistakenly sent to an uninvolved third party. The report contained information about a genetic consultation and the health status and sex life of the data subjects. The incident occurred due to an error in packaging the letter, according to a statement from the controller. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 9 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 50,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/