Orthodontic Clinic – €12,000 Fine (Netherlands, 2021)

€12,000Autoriteit Persoonsgegevens4 February 2021Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Dutch orthodontic clinic was fined for using an unsecured web form to collect patient data. This is important because it shows the need for secure data handling, especially when dealing with sensitive information like health data. The Dutch Data Protection Authority issued the fine because the clinic's practices risked exposing patient information to unauthorized parties.

What happened

The orthodontic clinic used an unencrypted web form to collect patient data, risking unauthorized access.

Who was affected

New patients, mostly children, who submitted their personal data through the clinic's web form.

What the authority found

The Dutch Data Protection Authority ruled that the clinic failed to secure patient data, violating GDPR's data protection requirements.

Why this matters

This case emphasizes the need for businesses to use secure methods for collecting and transmitting personal data. It serves as a warning to healthcare providers to prioritize data security to protect patient privacy.

GDPR Articles Cited

Art. 32(1) GDPR
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll Orthodontic Clinic actions
Full Legal Summary
Detailed

The Dutch DPA (AP) has fined an orthodontic clinic EUR 12,000. The web form that new patients used to sign up contained mandatory fields for all sorts of patient personal data. The data that the patients (mostly children) entered into the form was then sent to the orthodontic clinic via an unencrypted - and thus unsecured - connection. This presented the risk of unauthorized third parties accessing the personal data of the data subjects.

Related Enforcement Actions (0)

No other enforcement actions found for Orthodontic Clinic in NL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 February 2021

Authority

Autoriteit Persoonsgegevens

Fine Amount

€12,000

Enforcement Tracker ID

ETid-725

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Orthodontic Clinic - Netherlands (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: