Enforcement
Ospedaliero-Universitaria Careggi: Insufficient technical and organisational measures to ensure information security
€80,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA has imposed a fine of EUR 80,000 on the Ospedaliero-Universitaria Careggi. The controller, a university hospital, used software that allowed medical personnel to search through the data subject's history, even if this was unrelated to the specific medical treatment.
GDPR Articles: Art. 5 (1) a), e), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR
Industry: Health Care