Aleris Sjukvård AB – €1,168,000 Fine (Sweden, 2020)

€1,168,000 | Integritetsskyddsmyndigheten | 3 December 2020 | Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Aleris Sjukvård AB was fined over 1 million euros for not protecting patient data properly. The company failed to limit access to sensitive information, allowing employees to see more than they needed for their jobs. This case highlights the importance of securing personal data in healthcare settings.

What happened

Aleris Sjukvård AB did not implement proper security measures, allowing unnecessary access to patient data.

Who was affected

Patients whose confidential data was accessible to employees without a need for such access.

What the authority found

The Swedish DPA found that Aleris Sjukvård AB violated GDPR by not ensuring adequate security and limiting access to patient data.

Why this matters

This case underscores the need for healthcare providers to conduct risk analyses and restrict data access to only those who need it. It serves as a warning to other companies to review their data security practices.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR

Source verified 5 March 2026
articles corrected
Full Legal Summary

The Swedish DPA (Integritetsskyddsmyndigheten) fined Aleris Sjukvård AB SEK 12,000,000 (EUR 1,168,000) for failing to implement adequate technical and organizational measures to ensure information security. It was found that there was no risk analysis regarding the access to patient data. Authorizations for users of the hospital information system Nationell patientöversikt (NPÖ) were not assigned according to the principle of minimum access. This gave users full access to confidential patient data that they did not need for work purposes.

Details

Fine Date

3 December 2020

Authority

Integritetsskyddsmyndigheten

Fine Amount

€1,168,000

Enforcement Tracker ID

ETid-467

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Aleris Sjukvård AB - Sweden (2020). Retrieved from cookiefines.eu
