Enforcement
EN Medical association: Insufficient legal basis for data processing
€3,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspended them for not fulfilling the COVID-19 vaccination obligation and also informed their employer of this. An email from the association requesting notification of the employer was inadvertently sent to other individuals, as a result of which their email addresses and vaccination status became known.
GDPR Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy
Industry: Health Care