Italy

A.S.L. Napoli 1 Centro

1,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2022-01-13.

Rank · Sector

#198

of 213 in Employment

Rank · Italy

#513

of 543

Rank · All fines

#2,626

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2022-01-13
Controller / Processor: A.S.L. Napoli 1 Centro
Sector: Employment
Quoted Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy
Type of violation: Insufficient legal basis for data processing

Summary

The Italian DPA (Garante) has imposed a fine of EUR 1,000 on A.S.L. Napoli 1 Centro. An employee at the health authority had filed a complaint with the DPA against the authority.An employee at the health authority had filed a complaint with the DPA against the authority. The health authority had published a press release on its website containing personal data of the data subject and information about a disciplinary procedure.The health authority believed that the publication was lawful since the data subject had already given this information to the press, which in turn had published a report on the matter. However, the DPA concluded that the authority still needed a valid legal basis for the publication, regardless of whether the information had already been published on other media.

Open original source Links to the regulator's original publication or another source.