Università Campus Bio-medico di Roma (Polyclinic) – €20,000 Fine (Italy, 2020)

€20,000 · Garante per la protezione dei dati personali · 26 October 2020 · Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An Italian polyclinic was fined EUR 20,000 after a data breach allowed patients to see other patients' health data on their smartphones. This matters because it shows the importance of securing IT systems to protect sensitive health information.

What happened

A data breach at Università Campus Bio-medico di Roma allowed patients to access the health data of 74 other patients.

Who was affected

Patients accessing their medical reports online were affected, as they could see other patients' personal health information.

What the authority found

The Italian data protection authority found that the polyclinic failed to protect personal health data, violating GDPR's requirements for data security and integrity.

Why this matters

This case underscores the critical need for healthcare providers to ensure robust IT security measures are in place to protect patient data. It serves as a warning that human errors in system integration can lead to serious data breaches.

GDPR Articles Cited

Art. 9 GDPR
Art. 5(2)(a) GDPR

Full Legal Summary

Following a data breach notification pursuant to Art. 33 GDPR, the data protection authority found that patients accessing their online medical reports via their smartphones could also access the personal health data of 74 other patients. According to the polyclinic, the cause was a human error in the integration of two IT systems.

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 October 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€20,000

Enforcement Tracker ID

ETid-433

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Università Campus Bio-medico di Roma (Polyclinic) - Italy (2020). Retrieved from cookiefines.eu