Details:
| Summary | The Spanish DPA has imposed a finea INSTITUT MARQUÉS OBSTETRICIA I GINECOLOGIA, S.L.P. The controller had suffered a data breach in which personal patient and employee data had been unlawfully accessed. During its investigation, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. The DPA also found that the controller failed to properly inform data subjects about the data breach. The original fine of EUR 80,000 was reduced to EUR 48,000 due to voluntary payment and acknowledgement of responsibility. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 32 GDPR, Art. 34 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 48,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/