Iceland
National Center of Addiction Medicine ('SAA')
20,600 €
GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2020-03-10.
Rank · Sector
#95
of 270 in Health Care
Rank · Iceland
#11
of 22
Rank · All fines
#1,020
of 3,050
Case details
- Authority
- Icelandic data protection authority ('Persónuvernd')
- Date
- 2020-03-10
- Controller / Processor
- National Center of Addiction Medicine ('SAA')
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
Persónuvernd noted that a former employee of the SAA received boxes of allegedly personal belongings that he had left there, but which also contained patient data, including the health records of 252 former patients and documents with the names of about 3,000 people who had participated in rehabilitation for alcohol and drug abuse.
Open original source
Links to the regulator's original publication or another source.
Related fines
Iceland
2023-06-27
257,000 €
ETid-1952
Creditinfo Lánstraust hf.
Finance, Insurance and Consulting
Iceland
2023-07-03
81,000 €
ETid-1940
Heilsuveru
Health Care
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
2025-02-17
34,300 €
ETid-2602
Primary Health Care in the Capital Area
Health Care