Details:

Summary Marketing staff had access to patient data. Among other things, this violated the purpose limitation principle.
Link: link
Related articles:  Art. 5 GDPR
Type: Non-compliance with general data processing principles
Fine: EUR 50,000
Sector Finance, Insurance and Consulting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law