Details:
| Summary | The DPA of Hessen has fined a Covid-19 test center EUR 16,400. The controller had sent an e-mail containing personal data to several recipients in an open distribution list. The DPA also found that the controller had failed to adequately document the data breach. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR, Art. 33 (1), (5) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 16,400 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/