Penalty against Dutch hospital

The Dutch Data Protection authority investigated that a hospital in The Hague does not adequately protect patient records. So several employees accessed the record of a celebrity. There were no security measures to effectively protect the health data, which is personal data of a special category.

In addition to the fine imposed, the authority announced another measure. If the hospital has not significantly improved security by 2nd October 2019, the authority will impose a further fine of € 100,000 (up to a maximum of € 300,000) every two weeks until the necessary measures have been implemented.

For the second time, a hospital in has been the subject of a severe fine. A hospital in Portugal had already paid € 400,000 for a similar incident (see https://easygdpr.eu/en/gdpr-incident/strafe-gegen-krankenhaus/).

Penalties have also been imposed in the Czech Republic and Cyprus.

Entscheidungsdatum:
16.07.2019

Land:
Netherlands

Art des Verstoßes:
technical deficiency

Betroffene Datensätze:
unknown

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 460,000,-

Violation of GDPR Paragraph:
unknown

Quelle: