Details:
| Summary | The Italian DPA has fined Azienda Sanitaria Locale Roma EUR 46,000. The healthcare facility had published the names and health information of 1337 patients on its website. In most cases, this involved the health records of the data subjects, including medical documents, disability assessments, tests, technical reports, etc…. In this context, the DPA found that the healthcare institution had processed the data unlawfully as well as violated principle of data minimization. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR, Art. 6 (1) c), d) GDPR, Art. 6 (2), (3) GDPR, Art. 9 (1), (2), (4) GDPR, Art. 2-ter (1), (2) Codice della privacy, Art. 2-septies (8) Codice della privacy |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 46,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/