Details:
| Summary | The Italian DPA imposed a fine of EUR 18,000 on Cluster S-r.l. A data subject had complained to the DPA because their son’s health-related data and their own personal data had been published on the internet. The controller had organized a medical training event at which documents containing personal data of the data subject and their deceased son were forwarded to the participants without sufficient anonymization. Some documents were later published on the internet by a third party. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 32 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 18,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/