Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 2,000 on Società triveneta di chirurgia. A physician had shown slides of a clinical case at a congress, which were subsequently published on the controller’s website. The slides contained personal data of a patient, such as the patient’s initials, age, gender, a detailed history of the pathology suffered by the patient, details of admissions from 1980 to 2016 and the surgical procedures performed during this period, indicating the date of admission and surgery, the surgical department that performed the procedures, the days spent in hospital, numerous diagnostic images, and 22 photographs showing the patient during the surgeries. At no time had the data subject consented to such processing of his personal data. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 2,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/