Azienda Ospedaliero Universitaria Senese: Non-compliance with general data processing principles

The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria Senese EUR 50,000. The controller, a hospital, had reported to the Italian DPA that a couple's medical report had been mistakenly sent to an uninvolved third party. The report contained information about a genetic consultation and the health status and sex life of the data subjects. The incident occurred due to an error in packaging the letter, according to a statement from the controller.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
Industry: Health Care