Capio St. Göran AB – €2,900,000 Fine (Sweden, 2020)

€2,900,000 | Integritetsskyddsmyndigheten | 3 December 2020 | Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Capio St. Göran AB was fined nearly 3 million euros for not securing patient data properly. Employees had access to more patient information than necessary, which could lead to privacy breaches. This action stresses the need for strict data access controls in healthcare.

What happened

Capio St. Göran AB failed to limit employee access to patient data, compromising information security.

Who was affected

Patients whose sensitive information was accessible to employees without a justified need.

What the authority found

The Swedish DPA ruled that Capio St. Göran AB breached GDPR by not implementing adequate security measures to protect patient data.

Why this matters

This fine highlights the critical importance of data protection in healthcare, urging companies to enforce strict access controls and conduct thorough risk assessments.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR

Source verified 5 March 2026
articles corrected
amount discrepancy
Full Legal Summary
Detailed

The Swedish DPA (Integritetsskyddsmyndigheten) fined Capio St. Göran AB SEK 30,000,000 (EUR 2,900,000) for failing to implement adequate technical and organizational measures to ensure information security. The authority found that no risk analysis had been carried out regarding access to patient data. Authorizations for users of the hospital information systems Cosmic, Nationell patientöversikt and TakeCare were not assigned according to the principle of minimum access, so users had full access to confidential patient data that they did not need for work purposes.

Related Enforcement Actions (0)

No other enforcement actions found for Capio St. Göran AB in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date: 3 December 2020
Authority: Integritetsskyddsmyndigheten
Fine Amount: €2,900,000
Enforcement Tracker ID: ETid-473

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Capio St. Göran AB - Sweden (2020). Retrieved from cookiefines.eu
