NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε.

Summary

The Hellenic DPA has imposed a fine of EUR 5,000 on the operator of the medical platform nowdoctor.gr that enables online booking of medical appointments. A doctor had filed a complaint with the DPA. Accordingly, she had repeatedly stated that she no longer wished to work with the controller and requested the deletion of her data on the platform. The controller did not comply with her request. The deletion did not take place until 18 months later, after the DPA requested the controller to do so. The DPA considered this to be a breach of the controller's accountability obligations and found that the controller had stored the data subject's data longer than necessary for the intended purpose. The purpose, namely the provision of online display services, ceased to exist when the data subject declared that she no longer wished to work with the controller. In addition, the DPA finds that the controller failed to take measures with regard to the requirement of Art. 12 GDPR to facilitate the exercise of data subjects' rights. The controller had publicly provided an e-mail address on its website as a means of communication. However, the controller did not have sufficient staff available to actually process the correspondence.