Details:
| Summary | The DPA from Hamburg has imposed a fine of EUR 1,400 on a Covid-19 test center. The controller intended to fulfill its statutory documentation obligations and scanned the front and back of ID cards of tested persons for this purpose. However, such extensive storage of personal data would not have been necessary to fulfill its documentation obligations. This could and should have been known to the controller. |
| Link: | link |
| Related articles: | Art. 6 (1) c) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 1,400 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/