Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Italy: Garante fines Azienda Ospedaliera Universitaria €30,000 for GDPR violation
The Italian data protection authority ('Garante') announced, on 18 February 2020, that it had published in its monthly newsletter ('the Newsletter') a decision ('the Decision') fining the Azienda Ospedaliero Universitaria Integrata di Verona €30,000 for violating Article 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Decision highlights that access to employee health data had been made with the credentials of a doctor, and that a trainee and a radiologist had accessed the health records of their colleagues. In addition, the Decision outlines that the technical and organisational measures adopted by the hospital to protect its health record had not proved suitable to ensure adequate protection of patient personal data, and to protect such data from unauthorised treatment, resulting in unlawful data processing.
You can read the Newsletter here and the Decision here, both only available in Italian.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
