Details:
| Summary | The Italian DPA has imposed a fine of EUR 100,000 on the Veneto Region. The DPA had received a complaint from dozens of medical and nursing staff. During its investigation, the DPA found that the Region, in the context of Covid-19 containment measures, had provided lists of information on unvaccinated employees to various healthcare facilities and the physicians in charge there. The DPA found that the Region did not have a valid legal basis for such systematic disclosure of the lists to the physicians and that only the disclosure of the lists to the health authorities was covered by the legal decree in force at the time. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 100,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/