Details:
| Summary | The Spanish DPA has imposed a fine on DENTALCUADROS BCN S.L.P.. The controller had suffered a cyberattack in which patient data was unlawfully accessed. During its investigation, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. In addition, the controller failed to report the data breach to the DPA in a timely manner. The original fine of EUR 20,000 was reduced to EUR 12,000 due to voluntary payment and acknowledgement of responsibility. |
| Link: | link |
| Related articles: | Art. 32 GDPR, Art. 33 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 12,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/