Details:
| Summary | The Italian DPA has imposed a fine of EUR 13,000 on Azienda socio sanitaria locale n. 3 di Nuoro. An individual had filed a complaint with the DPA because the health authority had published their personal data (date of birth, residence, health-related data) on the internet in the context of a medication request. In the course of its investigation, the DPA found that the controller had published the data without a valid legal basis and therefore had acted unlawfully. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 2-septies (8) Codice della privacy |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 13,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/