Enforcement
EN Azienda Socio Sanitaria Territoriale Rhodense: Insufficient technical and organisational measures to ensure information security
€3,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA has fined Azienda Socio Sanitaria Territoriale Rhodense EUR 3,000. The healthcare facility had reported the loss of a patient's medical record. The file contained personal data such as surname, first name, gender, date and place of birth, tax number, place of residence, telephone numbers of the data subject. The DPA determined that the incident was caused by a lack of technical and organizational measures to protect personal data at the healthcare facility.
GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Industry: Health Care