Azienda Ospedaliero Universitaria di Parma: Non-compliance with general data processing principles

€10,000 fine - Italian Data Protection Authority (Garante)

Content

The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria di Parma EUR 50,000. The controller, a hospital, had reported two data breaches to the Italian DPA in which patient data was mistakenly disclosed to third parties. In the first incident, parents found the report of a microbiological examination of another patient in the file of their minor child. The report revealed the data subject's name, tax number, address, birth date and various health data. In the second incident, the heir of a patient received the health report of another patient, which contained the name and birth date as well as data on the health status of the data subject.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
Industry: Health Care