Italy Italy

Azienda Ospedaliero Universitaria di Parma

10,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2021-01-27.

Rank · Sector
#129
of 270 in Health Care
Rank · Italy
#260
of 543
Rank · All fines
#1,336
of 3,050

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2021-01-27
Controller / Processor
Azienda Ospedaliero Universitaria di Parma
Sector
Health Care
Quoted Articles
Art. 5 (1) f) GDPR, Art. 9 GDPR
Type of violation
Non-compliance with general data processing principles

Summary

The Italian DPA (Garante) fined Azienda Ospedaliero Universitaria di Parma EUR 50,000. The controller, a hospital, had reported two data breaches to the Italian DPA in which patient data was mistakenly disclosed to third parties. In the first incident, parents found the report of a microbiological examination of another patient in the file of their minor child. The report revealed the data subject´s name, tax number, address, birth date and various health data. In the second incident, the heir of a patient received the health report of another patient, which contained the name and birth date as well as data on the health status of the data subject.

Open original source Links to the regulator's original publication or another source.

Related fines

Italy
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting
Back to all fines