Details:
| Summary | The Italian DPA has imposed a fine of EUR 20,000 against Azienda Usl Toscana Sud Est. The controller had put up an information poster in the emergency room showing a healthcare professional at a computer, on which an emergency protocol with the personal data (including health data) of a data subject was visible. In response to a request from the DPA, the healthcare provider explained that the publication of the data was due to mere inattention and that the poster had only been displayed for a few weeks. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c), f) GDPR, Art. 9 GDPR, Art. 25 (1), (2) GDPR, Art. 2-septies (8) Codice della privacy |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 20,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/