Germany

Covid-19 test center

2,700 €

GDPR enforcement action by the Data Protection Authority of Hamburg in 2022.

Rank · Sector: #214 of 270 in Health Care
Rank · Germany: #85 of 116
Rank · All fines: #2,157 of 3,050

Case details

Authority: Data Protection Authority of Hamburg
Date: 2022
Controller / Processor: Covid-19 test center
Sector: Health Care
Quoted Articles: Art. 32 (1) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The DPA of Hamburg has imposed a fine of EUR 2,700 on a Covid-19 test center. The test center had sent the data subjects an unencrypted e-mail containing a URL that gave access to the test result without any further security measures. In some cases, the download link was structured so that it led to the download of a PDF file whose file name corresponded to the last name of the person tested. Anyone who knew the directory path could therefore view third-party test results.
