Skip to content
Enforcement
EN

Università Campus Bio-medico di Roma (Polyclinic): Non-compliance with general data processing principles

€20,000 fine - Italian Data Protection Authority (Garante)

€20,000 Fine
Università Campus Bio-medico di Roma (Polyclinic)
ITALY
Non-compliance with general data processing principles

Content

In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems.

GDPR Articles: Art. 5 (2) a), f) GDPR, Art. 9 GDPR
Industry: Public Sector and Education