Chat with us, powered by LiveChat

easyGDPR

We make implementing General Data Protection Regulation Easy

by

Punishment against hospital

A hospital in Portugal was sentenced to a fine for failing to comply with the GDPR. The Portuguese data protection authority noted that access to medical data was not limited to doctors and other medical personnel, but users with the “technician” profile could also indefinitely view patient medical records. Furthermore, it was found that approximately 900 active user accounts with the profile “doctor” were present, although the hospital employs only about 300 doctors.

Decision data:
17.07.2018

Country:
Portugal

Type of Issue:
technical deficiency

Number of involved data records:
unknown

Special category of data involved:
Yes

Fine:
€ 400,000,-

Violation of GDPR Paragraph:

32. Security of processing

Reference:
heise.de News (german)

Category iconUncategorized