Doctor – €6,000 Fine (France, 2020)

€6,000Commission Nationale de l'Informatique et des Libertés17 December 2020France
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A French doctor was fined EUR 6,000 for not securing patient data stored on a server. This lapse allowed unauthorized access to sensitive medical information. It shows the critical need for healthcare providers to protect patient privacy with strong security measures.

What happened

A doctor stored patient data on an unsecured server, risking unauthorized access.

Who was affected

Patients whose medical images and personal details were stored insecurely.

What the authority found

The French DPA determined the doctor failed to secure patient data, violating GDPR's data security requirements.

Why this matters

This action highlights the importance of data security in healthcare, reminding practitioners to safeguard patient information. It emphasizes the need for secure storage solutions to prevent data breaches.

GDPR Articles Cited

Art. 32 GDPR
Art. 33 GDPR
France enforcementCommission Nationale de l'Informatique et des Libertés actionsAll Doctor actions
Full Legal Summary
Detailed

The French DPA (CNIL) fined a doctor EUR 6,000 for violations of Art. 32 GDPR and Art. 33 GDPR. The controller had stored medical image data such as MRI and X-ray images as well as personal data such as names, dates of birth and treatment data of his patients on a server in order to be able to access them from his home computer. A review of the controller's systems had revealed that access to the server was not properly secured. This would have allowed anyone to access his patients' data. Furthermore, the data leak had existed for about five years. The data protection authority therefore found that the doctor had failed to take adequate technical and organisational measures to ensure data security.

Related Enforcement Actions (1)

Other enforcement actions involving Doctor in FR

Fine
Dec 2020· Commission Nationale de l'Informatique et des Libertés

The French DPA (CNIL) fined a doctor EUR 3,000 for violations of Art. 32 GDPR and Art. 33 GDPR. The controller had stored medical image data as MRI an...

€3K
Current
Dec 2020

Fine

€6K

Details

Fine Date

17 December 2020

Authority

Commission Nationale de l'Informatique et des Libertés

Fine Amount

€6,000

Enforcement Tracker ID

ETid-491

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Doctor - France (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: