Penalty against Dutch hospital
The Dutch data protection authority found that a hospital in The Hague was not adequately protecting patient records. This is how several employees viewed a celebrity’s file. No safeguards existed to effectively protect health data, which are special category personal data.
In addition to the fine imposed, the authority announced another measure. If the hospital has not significantly improved safety by October 2, 2019, then the authority will impose a further fine of €100,000 (up to a maximum of €300,000) every two weeks until the required measures have been implemented.
This is the second time that a hospital in The Hague has been fined heavily. A hospital in Portugal has already had to pay €400,000 for a similar incident (see https://easygdpr.e u/de/gdpr-incident/strafe-gegen-krankenhaus/).
Penalties have also already been imposed in the Czech Republic and Cyprus .
Entscheidungsdatum:
16.07.2019
Land:
Netherlands
Art des Verstoßes:
technical deficiency
Betroffene Datensätze:
unknown
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 460,000,-
Violation of GDPR Paragraph:
unknown
Quelle:
Decision of the Dutch data protection authority (Flemish)