Germany
Doctor´s Office
2,500 €
GDPR enforcement action by Data Protection Authority of Hessen on 2024.
Rank · Sector
#217
of 270 in Health Care
Rank · Germany
#87
of 116
Rank · All fines
#2,181
of 3,042
Case details
- Authority
- Data Protection Authority of Hessen
- Date
- 2024
- Controller / Processor
- Doctor´s Office
- Sector
- Health Care
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The DPA of Hessen has imposed a fine of EUR 2,500 on a doctor´s office. The controller hired an office manager who worked partly from home. The manager worked with patient files, which he stored at home. However, he did not lock or otherwise secure the files, which resulted in guests and family members having access to them. On one occasion, the manager asked his wife to send him photos of some files via a private messaging service because he had left them in his car, which his wife was using for a long trip.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate