Italy Italy

Azienda sanitaria universitaria Friuli Occidentale

50,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2022-05-26.

Rank · Sector
#67
of 270 in Health Care
Rank · Italy
#114
of 543
Rank · All fines
#716
of 3,050

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2022-05-26
Controller / Processor
Azienda sanitaria universitaria Friuli Occidentale
Sector
Health Care
Quoted Articles
Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Italian DPA imposed a fine of EUR 50,000 on the healthcare facility Azienda sanitaria universitaria Friuli Occidentale. Employees of the healthcare facility had accessed patients' health data even though they were not involved in the treatment of the patients and such access was not required. During its investigation, the DPA found that the healthcare facility's IT platform allowed any employee to access patients' personal data, even if they did not actually treat certain patients. In addition, the DPA found that the health care facility's IT platform did not install systems that indenfied improper use of the personal data.

Open original source Links to the regulator's original publication or another source.

Related fines

Italy
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting
Back to all fines