Sweden
Dalarna Region
17,900 €
GDPR enforcement action by Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) on 2023-01-17.
Rank · Sector
#110
of 270 in Health Care
Rank · Sweden
#40
of 46
Rank · All fines
#1,142
of 3,050
Case details
- Authority
- Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)
- Date
- 2023-01-17
- Controller / Processor
- Dalarna Region
- Sector
- Health Care
- Quoted Articles
- Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Swedish DPA has imposed a fine of EUR 17,900 on Dalarna Region. The region had sent out invitations for patient visits where the respective healthcare facility, such as a children's hospital, was visible on the envelope window. The DPA found that this visibility allowed unauthorized persons to gain access to patients' personal data. The DPA concluded that the region had failed to implement adequate technical and organizational measures to protect personal data.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy