Fine imposed on hospital
A hospital in Portugal was fined for failing to comply with the GDPR. The Portuguese data protection authority noted that access to medical data was not limited to doctors and other medical personnel: users with the “technician” profile could also indefinitely view patient medical records. Furthermore, it found approximately 900 active user accounts with the “doctor” profile, although the hospital employs only about 300 doctors.
Date of decision:
17.07.2018
Country:
Portugal
Type of violation:
technical deficiency
Affected records:
unknown
Was sensitive data affected?:
Yes
Fine imposed:
€ 400,000,-
Violated GDPR article:
32. Security of processing
Source:
heise.de News (German)