Hungary

Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest)

27,700 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2021-03-24.

Rank · Sector

#88

of 270 in Health Care

Rank · Hungary

#18

of 75

Rank · All fines

#936

of 3,050

Case details

Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date: 2021-03-24
Controller / Processor: Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest)
Sector: Health Care
Quoted Articles: Art. 32 (1) a), b) GDPR, Art. 32 (2) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Hungarian DPA (NAIH) has fined the XI District Office of the Government of Budapest EUR 27,700.The controller had emailed health data regarding Covid-19 rapid tests, as well as the contact details of the people tested, to doctors in a single Excel file, unencrypted and without any further measures to ensure confidentiality. The DPA found that the controller had failed to implement technical and organizational measures that ensured the protection of personal data. In addition, the controller failed to inform the DPA and the data subjects about the data violations.

Open original source Links to the regulator's original publication or another source.