Skip to content
Enforcement
EN

Medical association: Insufficient legal basis for data processing

€3,000 fine - Italian Data Protection Authority (Garante)

€3,000 Fine
Medical association
ITALY
Insufficient legal basis for data processing

Content

The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspended them for not fulfilling the COVID-19 vaccination obligation and also informed their employer of this. An email from the association requesting notification of the employer was inadvertently sent to other individuals, as a result of which their email addresses and vaccination status became known.

GDPR Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy
Industry: Health Care