Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) – €80,000 Fine (Italy, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Italian data protection authority fined a private hospital €80,000 for exposing personal data of competition participants online. The hospital failed to secure the data and did not fulfill its information obligations. This case emphasizes the need for organizations to have strong data protection agreements and security measures.
What happened
A private hospital exposed personal data of competition participants online due to a configuration error.
Who was affected
Participants in a public competition whose personal data was exposed by the hospital.
What the authority found
The Italian data protection authority fined the hospital €80,000 for failing to protect personal data and not complying with information obligations under GDPR.
Why this matters
This ruling shows the importance of having robust data protection agreements and security measures in place. Organizations must ensure compliance with GDPR to avoid significant fines and protect personal data.
GDPR Articles Cited
According to the data protection authority, personal information about participants in a public competition had been unlawfully disclosed online. Due to a configuration error, a list of the codes assigned to the candidates was temporarily accessible on the platform, which allowed access to the documents submitted by the candidates, including their personal data. This violated the principle of information security. In addition, the data protection authority found that the hospital had not complied with its information obligations and had not provided a sufficient data processing agreement with the data processor [which was also fined, see fine for 'Scanshare'] in accordance with Art. 28 GDPR.
Details
Fine Date: 30 September 2020
Authority: Garante per la protezione dei dati personali
Fine Amount: €80,000
Enforcement Tracker ID: ETid-406
About this data
Cite as: Cookie Fines. Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) - Italy (2020). Retrieved from cookiefines.eu