Skip to content
Enforcement
EN

Dentist: Insufficient legal basis for data processing

€1,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

€1,000 Fine
Dentist
ROMANIA
Insufficient legal basis for data processing

Content

The Romanian DPA has fined a dentist EUR 1,000. The controller had published medical information of a patient, such as photos and X-rays, in an article on a medical blog. However, it had failed to obtain the patient's consent before publishing the medical data. Therefore, the DPA found that the controller had unlawfully processed the data.

GDPR Articles: Art. 6 (1) a) GDPR, Art. 9 (2) a) GDPR
Industry: Health Care