University Hospital of the Medical University of Warsaw: Insufficient fulfilment of data breach notification obligations

The Polish DPA has imposed a fine of EUR 2,120 on the University Hospital of the Medical University of Warsaw. The university hospital had suffered a data breach in which a patient had received a referral from a doctor that contained, among other things, personal data (name, address, etc.) of another patient. The DPA found that neither the doctor nor the hospital informed the patient or the DPA about the data breach.

GDPR Articles: Art. 33 GDPR, Art. 34 GDPR
Industry: Health Care