Health insurance provider: Non-compliance with general data processing principles

The Hungarian DPA has imposed a fine of EUR 1,200 on a health insurance provider. The insurer had published the result of a Covid-19 test of the data subject on its website. This would have allowed unauthorized persons to access the personal data of the data subject. In addition, the insurer had not adequately cooperated with the agency during the DPA's investigation.

GDPR Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 12 (3), (4) GDPR, Art. 31 GDPR
Industry: Health Care