Norway
Østfold HF Hospital
112,000 €
GDPR enforcement action by Norwegian Supervisory Authority (Datatilsynet) on 2020-06-22.
Rank · Sector
#35
of 270 in Health Care
Rank · Norway
#14
of 53
Rank · All fines
#451
of 3,050
Case details
- Authority
- Norwegian Supervisory Authority (Datatilsynet)
- Date
- 2020-06-22
- Controller / Processor
- Østfold HF Hospital
- Sector
- Health Care
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.
Open original source
Links to the regulator's original publication or another source.
Related fines
Norway
2021-12-13
6,300,000 €
ETid-950
Grindr LLC
Media, Telecoms and Broadcasting
Norway
2026-06-01
1,820,000 €
ETid-3193
Elkjøp AS
Industry and Commerce
Norway
2023-11-27
1,700,000 €
ETid-2136
Norwegian Labor and Welfare Administration
Public Sector and Education
Norway
2023-02-06
900,000 €
ETid-1656
Sats ASA
Industry and Commerce
Norway
2021-09-27
496,000 €
ETid-851
Ferde AS
Public Sector and Education
Norway
2021-10-18
412,000 €
ETid-878
Østre Toten municipality
Public Sector and Education