Doctor – €3,000 Fine (France, 2020)

€3,000Commission Nationale de l'Informatique et des Libertés17 December 2020France
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A French doctor was fined EUR 3,000 for not securing patient data on his computer, allowing unauthorized access for four months. The data included sensitive medical images and personal information. This case shows the importance of securing personal data, especially in healthcare settings.

What happened

A doctor failed to secure patient data, leading to unauthorized access to medical images and personal information.

Who was affected

Patients whose medical images and personal data were stored insecurely on the doctor's computer.

What the authority found

The French authority found the doctor violated GDPR by not taking appropriate security measures to protect patient data.

Why this matters

This case serves as a reminder that healthcare providers must implement strong security measures to protect patient data. Ensuring data security is crucial to prevent unauthorized access and potential breaches.

GDPR Articles Cited

Art. 32 GDPR
Art. 33 GDPR
France enforcementCommission Nationale de l'Informatique et des Libertés actionsAll Doctor actions
Full Legal Summary
Detailed

The French DPA (CNIL) fined a doctor EUR 3,000 for violations of Art. 32 GDPR and Art. 33 GDPR. The controller had stored medical image data as MRI and X-ray images as well as personal data such as the names, dates of birth and treatment data of his patients on his computer. The controller had not taken appropriate technical measures to ensure the security of the data, and as a consequence, access to his patients' data was possible for anyone without access protection. The data protection authority notes that the data had been exposed for about four months.

Related Enforcement Actions (1)

Other enforcement actions involving Doctor in FR

Fine
Dec 2020· Commission Nationale de l'Informatique et des Libertés

The French DPA (CNIL) fined a doctor EUR 6,000 for violations of Art. 32 GDPR and Art. 33 GDPR. The controller had stored medical image data such as M...

€6K
Current
Dec 2020

Fine

€3K

Details

Fine Date

17 December 2020

Authority

Commission Nationale de l'Informatique et des Libertés

Fine Amount

€3,000

Enforcement Tracker ID

ETid-490

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Doctor - France (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: