Enforcement
EN

Casa di Cura Città di Roma: Insufficient technical and organisational measures to ensure information security

€12,000 fine - Italian Data Protection Authority (Garante)

€12,000 Fine
Casa di Cura Città di Roma
ITALY
Insufficient technical and organisational measures to ensure information security
Sep 11, 2025 Source

Content

The Italian DPA has imposed a fine of EUR 12,000 on the Casa di Cura Città di Roma. The controller used patient management software that gave users access to excessive amounts of patient data.

GDPR Articles: Art. 5 (1) a), b), c), e), f), (2) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR
Industry: Health Care