Details:
| Summary | The Italian DPA imposed a fine of EUR 40,000 on ISWEB S.p.A.. The fine is related to a fine against the healthcare facility Azienda ospedaliera di Perugia. ISWEB had provided the healthcare facility with the web application for its whistleblower system.
During an investigation at the healthcare facility, the DPA identified multiple GDPR violations related to the whistleblower system. The DPA’s investigation took place as part of a series of inspections addressing whistleblower system data processing at employers. In relation to ISWEB, the DPA found that they had used an external provider to host the whistleblower systems. However, ISWEB failed to provide the external provider with specific instructions for the processing of data subjects’ data, as well as to inform the health care facility of the same. |
| Link: | link link |
| Related articles: | Art. 28 GDPR |
| Type: | Insufficient data processing agreement |
| Fine: | EUR 40,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/