Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 5,000 on a physician. The controller had shown slides of a clinical case at a congress, which were subsequently published on the website of the Società triveneta di chirurgia. The slides contained personal data of a patient, such as the patient’s initials, age, gender, a detailed medical history of the patient, details of admissions from 1980 to 2016 and surgical procedures performed during that period, indicating the date of admission and the date of surgery, the surgical department that performed the procedures, the days spent in hospital, numerous diagnostic images and 22 photographs showing the patient during the surgeries. At no time had the data subject consented to such processing of his or her personal data. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 5,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/