Details:
| Summary | The Italian DPA has imposed a fine of EUR 12,000 on Azienda Socio Sanitaria Territoriale Ovest Milanese. The controller had suffered data breaches that affected the privacy of several data subjects. For example, a patient’s health records were given to the wrong patient. In addition, the controller had sent an email regarding Covid-19 behavior in multiple scelrose patients to 198 recipients, allowing all recipients to openly view the other email addresses. In addition, the controller sent an invitation for a disability assessment to the wrong person. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 9 GDPR, Art. 32 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 12,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/