Iceland
Primary Health Care in the Capital Area
34,300 €
GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2025-02-17.
Rank · Sector
#80
of 270 in Health Care
Rank · Iceland
#6
of 22
Rank · All fines
#870
of 3,050
Case details
- Authority
- Icelandic data protection authority ('Persónuvernd')
- Date
- 2025-02-17
- Controller / Processor
- Primary Health Care in the Capital Area
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Icelandic DPA has imposed a fine of EUR 34,300 on the Primary Health Care in the Capital Area. The controller processed personal and health data in shared medical record systems by merging its medical records with those of other parties and granting them access to its patients' records.
Open original source
Links to the regulator's original publication or another source.
Related fines
Iceland
2023-06-27
257,000 €
ETid-1952
Creditinfo Lánstraust hf.
Finance, Insurance and Consulting
Iceland
2023-07-03
81,000 €
ETid-1940
Heilsuveru
Health Care
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
2021-06-15
34,000 €
ETid-740
Huppuís ehf
Employment