Details:
| Summary | The Romanian DPA has fined a dentist EUR 1,000. The controller had published medical information of a patient, such as photos and X-rays, in an article on a medical blog. However, it had failed to obtain the patient’s consent before publishing the medical data. Therefore, the DPA found that the controller had unlawfully processed the data. |
| Link: | link |
| Related articles: | Art. 6 (1) a) GDPR, Art. 9 (2) a) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 1,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/