Østfold HF Hospital – €112,000 Fine (Norway, 2020)

€112,000Datatilsynet (Norway)22 June 2020Norway
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Norwegian hospital was fined for not securing patient data properly, leaving sensitive information like reasons for hospital visits unprotected. This is important because it shows how crucial it is to safeguard personal data, especially in healthcare settings. Hospitals and similar organizations must implement strong security measures to protect patient privacy.

What happened

Østfold HF Hospital stored patient data without adequate access controls, leaving sensitive information exposed.

Who was affected

Patients whose sensitive data, including reasons for hospitalization, were stored insecurely by the hospital.

What the authority found

The Norwegian authority determined that the hospital failed to protect personal data adequately, violating GDPR's requirements for technical and organizational security measures.

Why this matters

This case highlights the critical need for healthcare providers to secure patient data rigorously. It serves as a warning that inadequate data protection can lead to significant fines and emphasizes the importance of robust data security practices.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Patient Records Act
Source verified 6 March 2026
national law identified
Norway enforcementDatatilsynet (Norway) actionsAll Østfold HF Hospital actions
Full Legal Summary
Detailed

It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.

Related Enforcement Actions (0)

No other enforcement actions found for Østfold HF Hospital in NO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

22 June 2020

Authority

Datatilsynet (Norway)

Fine Amount

€112,000

Enforcement Tracker ID

ETid-321

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Østfold HF Hospital - Norway (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: