Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 45,000 on Istituti ospedalieri bergamaschi. The DPA initiated an investigation against the controller after it reported a data breach to the DPA. A patient had mistakenly received medical records and clinical documentation from seven other patients in his digital medical record. |
| Link: | link |
| Related articles: | Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 45,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/