GDPR fine after Facebook posting

A doctor has published excerpts of patient letters and other medical records on Facebook for several months. Viewers were able to identify patient names, diagnoses, medication data, social security numbers and some other data from patients and treating physicians.

The Austrian Data Protection Authority therefore imposed a fine of €600, – on the doctor.

Entscheidungsdatum:
19.10.2020

Land:
Austria

Art des Verstoßes:
Illegal data processing

Betroffene Datensätze:
unknown

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 600,-

Violation of GDPR Paragraph:

5. Principles relating to personal data processing
9. Processing of special categories of personal data

Quelle:
Decision text in the legal information system .