Iceland
HEI – Medical Travel
10,600 €
GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2022-05-03.
Rank · Sector
#127
of 270 in Health Care
Rank · Iceland
#18
of 22
Rank · All fines
#1,305
of 3,042
Case details
- Authority
- Icelandic data protection authority ('Persónuvernd')
- Date
- 2022-05-03
- Controller / Processor
- HEI – Medical Travel
- Sector
- Health Care
- Quoted Articles
- Art. 15 (1), (3) GDPR, Art. 9 (1) Act 90/2018, Art. 17 (2) Act 90/2018
- Type of violation
- Insufficient fulfilment of data subjects rights
Summary
The Icelandic DPA has imposed a fine of EUR 10,600 on HEI - Medical Travel. A data subject had filed a complaint with the DPA against the controller.
The controller had gained access to the data subject's email via the Icelandic Medical Association's internal website and had then sent them unsolicited emails. The DPA found that such access was unlawful due to the lack of a valid legal basis.
In addition, the data subject had asked the controller for information about the processing of their personal data, such as the origin of the e-mail address. The controller did not properly comply with this request.
Open original source
Links to the regulator's original publication or another source.
Related fines
Iceland
2023-06-27
257,000 €
ETid-1952
Creditinfo Lánstraust hf.
Finance, Insurance and Consulting
Iceland
2023-07-03
81,000 €
ETid-1940
Heilsuveru
Health Care
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
2025-02-17
34,300 €
ETid-2602
Primary Health Care in the Capital Area
Health Care