National Center of Addiction Medicine ('SAA') – €20,600 Fine (Iceland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The National Center of Addiction Medicine in Iceland was fined because a former employee received boxes containing sensitive patient data by mistake. This incident stresses the importance of handling personal data carefully to avoid breaches.
What happened
A former employee received boxes containing sensitive patient data, including health records.
Who was affected
Former patients and participants in rehabilitation programs whose health records and names were improperly handled.
What the authority found
The Icelandic authority determined that the National Center of Addiction Medicine failed to protect personal data, violating GDPR's security requirements.
Why this matters
This case serves as a reminder for organizations to implement strict data handling and disposal procedures to prevent unauthorized access to sensitive information.
GDPR Articles Cited
Persónuvernd noted that a former employee of the SAA received boxes of allegedly personal belongings that he had left there, but which also contained patient data, including the health records of 252 former patients and documents with the names of about 3,000 people who had participated in rehabilitation for alcohol and drug abuse.
Related Enforcement Actions (0)
No other enforcement actions found for National Center of Addiction Medicine ('SAA') in IS
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 March 2020
Authority
Persónuvernd
Fine Amount
€20,600
Enforcement Tracker ID
ETid-233
About this data
Cite as: Cookie Fines. National Center of Addiction Medicine ('SAA') - Iceland (2020). Retrieved from cookiefines.eu
Last updated: