Hospital: Insufficient fulfilment of data breach notification obligations

The Polish DPA has fined a district hospital in Września EUR 6,900 for failing to report a data breach to the DPA and data subjects in a timely manner. A patient had accidentally received another individual's medical records and was able to access their personal data.

GDPR Articles: Art. 33 (1) GDPR, Art. 34 (1), (2) GDPR
Industry: Health Care