The Netherlands
Orthodontic Clinic
12,000 €
GDPR enforcement action by Dutch Supervisory Authority for Data Protection (AP) on 2021-02-04.
Rank · Sector
#123
of 270 in Health Care
Rank · The Netherlands
#41
of 43
Rank · All fines
#1,261
of 3,042
Case details
- Authority
- Dutch Supervisory Authority for Data Protection (AP)
- Date
- 2021-02-04
- Controller / Processor
- Orthodontic Clinic
- Sector
- Health Care
- Quoted Articles
- Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Dutch DPA (AP) has fined an orthodontic clinic EUR 12,000. The web form that new patients used to sign up contained mandatory fields for all sorts of patient personal data. The data that the patients (mostly children) entered into the form was then sent to the orthodontic clinic via an unencrypted - and thus unsecured - connection. This presented the risk of unauthorized third parties accessing the personal data of the data subjects.
Open original source
Links to the regulator's original publication or another source.
Related fines
The Netherlands
2024-07-22
290,000,000 €
ETid-2447
Uber Technologies Inc., Uber B.V.
Employment
The Netherlands
2026-04-01
100,000,000 €
ETid-3171
Ridetech International B.V.
Transportation and Energy
The Netherlands
2024-05-16
30,500,000 €
ETid-2448
Clearview AI Inc.
Industry and Commerce
The Netherlands
2023-12-11
10,000,000 €
ETid-2199
Uber Technologies Inc.
Uber B.V.
Employment
The Netherlands
2024-11-26
4,750,000 €
ETid-2507
Netflix International B.V.
Media, Telecoms and Broadcasting
The Netherlands
2022-04-07
3,700,000 €
ETid-1124
Dutch Tax and Customs Administration
Public Sector and Education