Medical laboratory
20,000 €
GDPR enforcement action by Belgian Data Protection Authority (APD) on 2022-08-19.
Rank · Sector: #98 of 270 in Health Care
Rank · Belgium: #20 of 50
Rank · All fines: #1,061 of 3,050
Case details
- Authority: Belgian Data Protection Authority (APD)
- Date: 2022-08-19
- Controller / Processor: Medical laboratory
- Sector: Health Care
- Quoted Articles: Art. 5 (1) f) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 32 GDPR, Art. 35 (1), (3) GDPR
- Type of violation: Insufficient technical and organisational measures to ensure information security
Summary
The Belgian DPA imposed a fine of EUR 20,000 on a medical laboratory.
During its investigation, the DPA found that the laboratory had failed to conduct a data protection impact assessment and thus violated Art. 35 GDPR.
In addition, the laboratory had violated Art. 5 (1) f) GDPR and Art. 32 GDPR, as it was possible for physicians to view patients' personal data on the website without encryption.
Finally, the DPA found that the laboratory had not published a privacy statement on its website, in violation of Art. 12 GDPR, Art. 13 GDPR and Art. 14 GDPR.
Related fines
- Belgium · 2020-07-14 · 600,000 € · ETid-344 · Google Belgium SA · Media, Telecoms and Broadcasting
- Belgium · 2022-04-04 · 200,000 € · ETid-1116 · Brussels Airport Zaventem · Transportation and Energy
- Belgium · 2024-12-17 · 200,000 € · ETid-2521 · Hospital · Health Care
- Belgium · 2026-05-12 · 177,000 € · ETid-3172 · Technology Company · Employment
- Belgium · 2024-01-16 · 174,640 € · ETid-2225 · Black Tiger Belgium · Industry and Commerce
- Belgium · 2026-05-12 · 120,000 € · ETid-3174 · Isabel SA · Finance, Insurance and Consulting