Penalty against Dutch hospital

The Dutch data protection authority found that a hospital in The Hague was not adequately protecting patient records. This is how several employees viewed a celebrity’s file. No safeguards existed to effectively protect health data, which are special category personal data.

In addition to the fine imposed, the authority announced another measure. If the hospital has not significantly improved safety by October 2, 2019, then the authority will impose a further fine of €100,000 (up to a maximum of €300,000) every two weeks until the required measures have been implemented.

This is the second time that a hospital in The Hague has been fined heavily. A hospital in Portugal has already had to pay €400,000 for a similar incident (see https://easygdpr.e u/de/gdpr-incident/strafe-gegen-krankenhaus/).

Penalties have also already been imposed in the Czech Republic and Cyprus .

Entscheidungsdatum:
16.07.2019

Land:
Netherlands

Art des Verstoßes:
technical deficiency

Betroffene Datensätze:
unknown

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 460,000,-

Violation of GDPR Paragraph:
unknown

Quelle:
Decision of the Dutch data protection authority (Flemish)