Penalty against hospital
A hospital in Portugal was fined for non-compliance with the GDPR. The data protection authority in Portugal found that access to medical data was not restricted to doctors and other medical staff, but that users with the profile “technician” were also able to view patients’ medical records without restriction. Furthermore, it was found that there were approximately 900 active user accounts with the profile “doctor”, although the hospital only employs approximately 300 doctors.
Decision date:
17.07.2018
Country:
Portugal
Type of violation:
technical deficiency
Affected records:
unknown
Was sensitive data affected?:
Yes
Fine imposed:
€ 400,000,-
Violation of GDPR Paragraph:
32. Security of processing
Source:
Heise.de Newsticker