NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε. – €5,000 Fine (Greece, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hellenic Data Protection Authority fined NOW DOCTOR €5,000 for not deleting a doctor's data when she asked them to. The company took 18 months to remove her information after she stopped working with them. This case highlights the importance of respecting individuals' requests to delete their data promptly.
What happened
NOW DOCTOR delayed deleting a doctor's personal data for 18 months after she requested its removal.
Who was affected
A doctor who no longer wanted her information displayed on the NOW DOCTOR platform.
What the authority found
The authority found that NOW DOCTOR kept the doctor's data longer than necessary and failed to help her exercise her rights under GDPR.
Why this matters
This ruling emphasizes that companies must act quickly to delete personal data when requested, especially when the data is no longer needed. Businesses should ensure they have enough staff to handle data requests efficiently.
GDPR Articles Cited
The Hellenic DPA has imposed a fine of EUR 5,000 on the operator of the medical platform nowdoctor.gr that enables online booking of medical appointments. A doctor had filed a complaint with the DPA. Accordingly, she had repeatedly stated that she no longer wished to work with the controller and requested the deletion of her data on the platform. The controller did not comply with her request. The deletion did not take place until 18 months later, after the DPA requested the controller to do so. The DPA considered this to be a breach of the controller's accountability obligations and found that the controller had stored the data subject's data longer than necessary for the intended purpose. The purpose, namely the provision of online display services, ceased to exist when the data subject declared that she no longer wished to work with the controller. In addition, the DPA finds that the controller failed to take measures with regard to the requirement of Art. 12 GDPR to facilitate the exercise of data subjects' rights. The controller had publicly provided an e-mail address on its website as a means of communication. However, the controller did not have sufficient staff available to actually process the correspondence.
Related Enforcement Actions (0)
No other enforcement actions found for NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε. in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
26 August 2021
Authority
Hellenic Data Protection Authority
Fine Amount
€5,000
Enforcement Tracker ID
ETid-843
About this data
Cite as: Cookie Fines. NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε. - Greece (2021). Retrieved from cookiefines.eu
Last updated: