National Center of Addiction Medicine ('SAA'): Insufficient technical and organisational measures to ensure information security

Persónuvernd noted that a former employee of the SAA received boxes of allegedly personal belongings that he had left there, but which also contained patient data, including the health records of 252 former patients and documents with the names of about 3,000 people who had participated in rehabilitation for alcohol and drug abuse.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Industry: Health Care