Penalty against Dutch hospital
The Dutch data protection authority found that a hospital in The Hague was not adequately protecting patient records. This is how several employees viewed a celebrity’s file. No safeguards existed to effectively protect health data, which are special category personal data.
In addition to the fine imposed, the authority announced another measure. If the hospital has not significantly improved safety by October 2, 2019, then the authority will impose a further fine of €100,000 (up to a maximum of €300,000) every two weeks until the required measures have been implemented.
This is the second time that a hospital in The Hague has been fined heavily. A hospital in Portugal has already had to pay €400,000 for a similar incident (see https://easygdpr.e u/de/gdpr-incident/strafe-gegen-krankenhaus/).
Art des Verstoßes:
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph: