Sahlgrenska University Hospital – €341,300 Fine (Sweden, 2020)

€341,300 | Integritetsskyddsmyndigheten | 3 December 2020 | Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Sahlgrenska University Hospital in Sweden was fined for not protecting patient data properly. They failed to control who could access sensitive information, which could lead to privacy breaches. This case highlights the importance of securing patient data in healthcare settings.

What happened

Sahlgrenska University Hospital did not implement adequate security measures to protect patient data, allowing unnecessary access to sensitive information.

Who was affected

Patients whose data was stored in the hospital's information systems were affected by the lack of security measures.

What the authority found

The Swedish DPA found that the hospital failed to ensure information security, violating GDPR's requirements for data protection and access control.

Why this matters

This case underscores the critical need for healthcare providers to implement strict access controls and conduct risk analyses to protect patient data. It serves as a warning to other hospitals to review their data security practices.

GDPR Articles Cited

AI-verified:

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR

Original data from scraper, before AI verification against the source document:

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR

Source verified 6 March 2026; articles corrected.

Full Legal Summary

The Swedish DPA (Integritetsskyddsmyndigheten) fined Sahlgrenska University Hospital SEK 3,500,000 (EUR 341,300) for failing to implement adequate technical and organizational measures to ensure information security. The authority found that no risk analysis had been carried out regarding access to patient data. Authorizations for users of the hospital information systems Melior and Nationell patientöversikt were not assigned according to the principle of minimum access, which gave users full access to confidential patient data that they did not need for work purposes. In addition, the Melior hospital information system did not keep records of when and for what purpose patient data was accessed.

Related Enforcement Actions (0)

No other enforcement actions found for Sahlgrenska University Hospital in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

3 December 2020

Authority

Integritetsskyddsmyndigheten

Fine Amount

€341,300

Enforcement Tracker ID

ETid-471

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sahlgrenska University Hospital - Sweden (2020). Retrieved from cookiefines.eu
