A Hospital in Portugal receives a fine of 400.000 EUR

The Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for a GDPR infringement. The hospital publicly announced that it will contest the fine.

The CNPD carried out an investigation at the hospital, which revealed that the hospital’s staff, psychologists, dietitians, and other professionals had access to patient data through false profiles. The profile management system appeared deficient: the hospital had 985 registered doctor profiles while only having 296 doctors. Moreover, doctors had unrestricted access to all patient files, regardless of the doctor’s speciality. The CNPD reportedly concluded that the hospital did not put in place appropriate technical and organizational measures to protect patient data.

In its defence, the hospital indicated that it uses the IT system provided to public hospitals by the Portuguese Health Ministry. However, it was the hospital’s responsibility to ensure that the IT system it uses complies with the GDPR.

LEARNING TIP: In order to avoid any security breaches caused by unauthorized access, mishandling and loss of personal data kept on the server or in the cloud, organizations must implement technical security measures. Read more about GDPR compliance for the Healthcare sector.

 

Full story
Portuguese hospital appeals GDPR fine
