Hospital

€400K($432K USD)final

Date Issued

2018-07-17

Regulation

GDPR

Authority

Portuguese Data Protection Authority (CNPD)

Country

Portugal

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

The hospital was found to create fake doctor profiles for the personnel to unlawfully access patient data. The management system found 985 registered doctors when the hospital only had 296 doctors.

Articles Violated

Art. 5 (1) f) GDPRArt. 32 GDPR

View Source Document →

Other Fines for Hospital

Date	Regulation	Amount (USD)	Type
2019-11-18	GDPR	$97.2	Non-compliance with subjects' rights protection safeguards
2019-11-18	GDPR	$97	Non-compliance with subjects' rights protection safeguards
2018-07-17	GDPR	$432,000	Failure to implement sufficient measures to ensure information security