Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 5,000 on the Foundation for Religion and Worship ‘Casa sollievo della sofferenza’ Opera di San Pio da Pietrelcina. On January 31, 2020, the controller notified the DPA of a personal data breach under Art. 33 GDPR. Documents containing information about the health status of the data subject had been accidentally sent by mail to the wrong addressee. This had happened due to a mix-up: An invoice had previously been sent not to the data subject, but to another person with the same name, whose address had then been used for further correspondence with the data subject. |
| Link: | link |
| Related articles: | Art. 5 (1) a), f) GDPR, Art. 9 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 5,000 |
| Sector | Individuals and Private Associations |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/