Enforcement
EN Dentist: Insufficient legal basis for data processing
€1,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has fined a dentist EUR 1,000. The controller had published medical information of a patient, such as photos and X-rays, in an article on a medical blog. However, it had failed to obtain the patient's consent before publishing the medical data. Therefore, the DPA found that the controller had unlawfully processed the data.
GDPR Articles: Art. 6 (1) a) GDPR, Art. 9 (2) a) GDPR
Industry: Health Care