Medicals Nordic I/S – €80,700 Fine (Denmark, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Denmark's Datatilsynet fined Medicals Nordic I/S EUR 80,700 for using WhatsApp to share sensitive health data without proper security. Employees at test centers shared confidential information with others who didn't need it, including ex-employees. This case highlights the importance of secure communication methods for handling personal data.
What happened
Medicals Nordic I/S used WhatsApp to share confidential health data among employees, including those who didn't need access.
Who was affected
Citizens tested at Medicals Nordic's centers had their health and personal identity information shared improperly.
What the authority found
The Danish DPA found that Medicals Nordic shared sensitive data without proper security measures, violating data protection rules.
Why this matters
This case emphasizes the need for companies to use secure communication channels and manage access rights carefully, especially for sensitive data. It serves as a warning to businesses handling personal information to ensure they have robust data protection practices.
The Danish DPA (Datatilsynet) has fined Medicals Nordic I/S EUR 80,700. In January 2021, the DPA became aware that Medicals Nordic was using WhatsApp to transmit confidential information and health data about citizens being tested in the company's test centres. All employees working in a test centre were invited to a WhatsApp group associated with the test centre. The members of these WhatsApp groups received all the messages transmitted by other employees in the groups. The employees shared confidential information about citizens to the company's central administration through those WhatsApp groups. This meant that employees who, did not have a work-related need to process information - which other employees had to transmit to the central administration - nevertheless received the information, which included, inter alia, personal identity numbers and health data of citizens.
Related Enforcement Actions (0)
No other enforcement actions found for Medicals Nordic I/S in DK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
9 July 2021
Authority
Datatilsynet (Denmark)
Fine Amount
€80,700
Enforcement Tracker ID
ETid-757
About this data
Cite as: Cookie Fines. Medicals Nordic I/S - Denmark (2021). Retrieved from cookiefines.eu
Last updated: