Details:
| Summary | In a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access personal health data of 74 other patients. According to the polyclinic, the reason for this was a human error in the integration of two IT systems. |
| Link: | link |
| Related articles: | Art. 5 (2) a), f) GDPR, Art. 9 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 20,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/