Iceland
Heilsuveru
81,000 €
GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2023-07-03.
Rank · Sector
#44
of 270 in Health Care
Rank · Iceland
#2
of 22
Rank · All fines
#514
of 3,042
Case details
- Authority
- Icelandic data protection authority ('Persónuvernd')
- Date
- 2023-07-03
- Controller / Processor
- Heilsuveru
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 25 GDPR, Art. 32 (1) b), d) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Icelandic DPA has fined Heilsuveru EUR 81,000. The controller had reported a data breach to the DPA, as two unauthorized persons had managed to view personal data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data.
Open original source
Links to the regulator's original publication or another source.
Related fines
Iceland
2023-06-27
257,000 €
ETid-1952
Creditinfo Lánstraust hf.
Finance, Insurance and Consulting
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
2025-02-17
34,300 €
ETid-2602
Primary Health Care in the Capital Area
Health Care
Iceland
2021-06-15
34,000 €
ETid-740
Huppuís ehf
Employment