Menzis – €50,000 Fine (Netherlands, 2018)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Menzis was fined for not properly protecting medical data. This matters because it highlights the importance of keeping sensitive information safe, especially in the healthcare sector. Companies need to ensure they follow data protection rules to avoid penalties.
What happened
Menzis was fined for failing to adequately protect medical data.
Who was affected
Patients whose medical data was processed by Menzis.
What the authority found
The authority found that Menzis did not meet the required security standards for handling sensitive data under GDPR.
Why this matters
This case shows that companies in the healthcare industry must prioritize data security. It serves as a reminder for all businesses to implement strong data protection measures.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
Translated summary by the AP (The Netherlands):https://autoriteitpersoonsgegevens.nl/nl/nieuws/sancties-voor-menzis-en-vgz-voor-overtreding-van-de-privacywet In 2018, the Authority for Personal Data (AP) imposed a penalty payment on two health insurers, VGZ and Menzis, for failure to comply with the Privacy Act. Both health insurers were negligent in the processing of medical data. For example, the authorisation policy was not in order, there was no proper logging, and marketing staff also had incorrect access to health data of insured parties. In order to ensure that health insurers set up their systems to prevent unauthorised access to personal data, the AP imposed a penalty payment on them. Menzis did not comply with the entire order on time. The AP therefore collected a penalty payment of €50,000 at the beginning of 2019. The health insurers have since changed their working methods. The AP has investigated how health insurers collect and process medical data. The AP carried out a survey of the four largest health insurers, which together account for almost 90% of the market. In doing so, the AP looked at, among other things, purpose limitation (health data are used for marketing purposes) and authorisation policy (which persons have access to medical data). The AP found that none of the health insurers had used the insured person's medical data for marketing purposes. The AP investigated the working methods of health insurers following an enforcement request from Vrijbit. Burden of a penalty payment for Menzis At Menzis, one of the health insurers, the AP found that marketing staff had access to medical data, whereas according to the policy of the health insurer this should not be possible. It has not been established that these employees actually used the insured's medical data for marketing purposes. As the technical measures at Menzis were insufficient to ensure that employees did not have access to more data than necessary for their work, the AP imposed an o
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Menzis in NL
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Menzis - Netherlands (2018). Retrieved from cookiefines.eu
Last updated: