Hospital
3,000 €
GDPR enforcement action by Croatian Data Protection Authority (azop) on 2025-03-24.
Rank · Sector: #213 of 270 in Health Care
Rank · Croatia: #34 of 43
Rank · All fines: #2,122 of 3,050
Case details
- Authority: Croatian Data Protection Authority (azop)
- Date: 2025-03-24
- Controller / Processor: Hospital
- Sector: Health Care
- Quoted Articles: Art. 13 GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 34 (1) GDPR
- Type of violation: Insufficient technical and organisational measures to ensure information security
Summary
The Croatian DPA (AZOP) has imposed a fine of EUR 3,000 on a hospital. Despite the extensive and high-risk processing of health data, the hospital had not implemented sufficient organizational measures to ensure the security of data processing. Specifically, measures to ensure the confidentiality of health information were lacking, which undermined trust in medical services and patient privacy. The hospital was fined for breaching Art. 13, Art. 32, Art. 33, and Art. 34(1) GDPR.
Related fines
- Croatia · 2023-10-05 · 5,470,000 € · ETid-2063 · Debt collection company · Finance, Insurance and Consulting
- Croatia · 2024-04-22 · 5,004,000 € · ETid-2303 · Unknown · Not assigned
- Croatia · 2025-11-24 · 4,500,000 € · ETid-2937 · Telecommunications operator (operator of electronic communications networks and services) · Media, Telecoms and Broadcasting
- Croatia · 2023-05-04 · 2,265,000 € · ETid-1816 · Debt collection agency · Finance, Insurance and Consulting
- Croatia · 2025-12-18 · 1,500,000 € · ETid-3102 · Bank · Finance, Insurance and Consulting
- Croatia · 2023-05-18 · 380,000 € · ETid-1859 · Sports betting operator · Industry and Commerce