Details:
| Summary | The Finnish DPA has fined a medical clinic EUR 5,000. A customer of the clinic had complained to the DPA that he had not received access to his medical records from the clinic following a request for information. In addition, the clinic failed to adequately inform its clients about the processing of personal data. Specifically, the DPA points out that the clinic did not inform its clients about the extent to which it was acting as a data controller for patient data generated by its activities. |
| Link: | link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 12 (1), (2), (3), (4) GDPR, Art. 13 (1), (2) GDPR, Art. 15 (1), (3) GDPR, Art. 25 GDPR |
| Type: | Insufficient fulfilment of information obligations |
| Fine: | EUR 5,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/