Enforcement
EN Azienda Sanitaria Locale Roma: Insufficient legal basis for data processing
€46,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA has fined Azienda Sanitaria Locale Roma EUR 46,000. The healthcare facility had published the names and health information of 1337 patients on its website. In most cases, this involved the health records of the data subjects, including medical documents, disability assessments, tests, technical reports, etc.... In this context, the DPA found that the healthcare institution had processed the data unlawfully as well as violated principle of data minimization.
GDPR Articles: Art. 5 (1) c) GDPR, Art. 6 (1) c), d) GDPR, Art. 6 (2), (3) GDPR, Art. 9 (1), (2), (4) GDPR, Art. 2-ter (1), (2) Codice della privacy, Art. 2-septies (8) Codice della privacy
Industry: Health Care