Support Centre

You have 1 out of 10 free articles left for the week

Click here gain access to unlimited articles

Upgrade Now

Continue reading on DataGuidance with:

Limited Articles


Gain free access to limited white papers, reports, infographics, and regulatory updates and guidance.

Norway: Datatilsynet notifies decision to impose NOK 1.2M fine on Østfold HF Hospital

The Norwegian data protection authority ('Datatilsynet') announced, on 1 July 2020, its decision to impose a NOK 1,200,000 (approx. €111,680) penalty on Østfold HF Hospital for its data storage practices in violation of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), and sent a letter ('the Letter') notifying the hospital of its intention. In particular, Datatilsynet highlighted that after assessing a non-conformity report from the hospital, it found that in the period 2013-2019, Østfold HF Hospital had stored patient data, including sensitive data, such as the cause of hospital admission, without controlling the access to the folders where the data was stored. Therefore, Datatilsynet decided that the hospital had not implemented sufficient technical and organisational measures to safeguard personal data and, therefore, acted in contravention of the GDPR and the Patient Records Act.

Datatilsynet requested that Østfold HF Hospital provide comments to its Letter by 5 August 2020.

You can read the Letter, only available in Norwegian, here