Italy
Università Campus Bio-medico di Roma (Polyclinic)
20,000 €
GDPR enforcement action by Italian Data Protection Authority (Garante) on 2020-10-26.
Rank · Sector
#122
of 357 in Public Sector and Education
Rank · Italy
#180
of 543
Rank · All fines
#1,035
of 3,050
Case details
- Authority
- Italian Data Protection Authority (Garante)
- Date
- 2020-10-26
- Controller / Processor
- Università Campus Bio-medico di Roma (Polyclinic)
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 (2) a), f) GDPR, Art. 9 GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems.
Open original source
Links to the regulator's original publication or another source.
Related fines
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting