Disregard of the duty to inform after data theft
A former employee of Magdeburg University Hospital is suspected of having accessed and passed on personal address and registration data without authorization via her official access, possibly for politically motivated reasons. The terminated employee is assigned to the left-wing extremist scene. The data concerned is said to contain mainly registration data of persons close to the right-wing scene or the AfD. The incident is also linked to a robbery of a Leipzig real estate agent in 2019.
As a result of this data theft, Magdeburg University Hospital faces further consequences. The hospital’s board of directors is accused of not having informed the responsible data protection officer of Saxony-Anhalt about this incident. Although the investigation into the employee began in May 2021, the report to the agency was not made until October. Concealment is now punishable by a fine of 9,000 euros.
Entscheidungsdatum:
19.12.2022
Land:
Germany
Art des Verstoßes:
Theft of Data
Betroffene Datensätze:
unknown
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 9,000,-
Violation of GDPR Paragraph:
33. Notification of a personal data breach to the supervisory authority