Penalty against Dutch hospital
The Dutch Data Protection authority investigated that a hospital in The Hague does not adequately protect patient records. So several employees accessed the record of a celebrity. There were no security measures to effectively protect the health data, which is personal data of a special category.
In addition to the fine imposed, the authority announced another measure. If the hospital has not significantly improved security by 2nd October 2019, the authority will impose a further fine of € 100,000 (up to a maximum of € 300,000) every two weeks until the necessary measures have been implemented.
For the second time, a hospital in has been the subject of a severe fine. A hospital in Portugal had already paid € 400,000 for a similar incident (see https://easygdpr.eu/gdpr-incident/strafe-gegen-krankenhaus/).
Type of Issue:
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph: