ASST di Lodi – €1,000 Fine (Italy, 2022)

€1,000 | Garante per la protezione dei dati personali | 26 April 2022 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ASST di Lodi, a healthcare facility in Italy, was fined EUR 1,000 for mishandling patient data. The facility shared medical information without consent with a family member who was not authorized to receive it. This incident underscores the need for strict data protection in healthcare settings.

What happened

ASST di Lodi shared a patient's medical information with an unauthorized family member without consent.

Who was affected

A patient whose medical information was shared without consent by the healthcare facility.

What the authority found

The Italian DPA determined that the healthcare facility processed personal data without a valid legal basis, violating GDPR rules.

Why this matters

Healthcare providers must ensure they have proper consent and security measures when handling patient data. This case highlights the critical importance of protecting sensitive health information.

GDPR Articles Cited

Art. 9 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR

Full Legal Summary

The Italian DPA (Garante) has imposed a fine of EUR 1,000 on ASST di Lodi. The healthcare facility had reported a data breach to the DPA pursuant to Art. 33 GDPR. A patient had provided two contacts for their medical affairs. The facility had been explicitly authorized to obtain medical information of the patient from these two persons in case of emergency. In the context of an important diagnostic examination of the patient, the two authorized contacts were not reachable, so a healthcare facility employee asked a family member they personally knew for the information. During its investigation, the DPA found that the healthcare facility processed the data subject's information without the data subject's consent and, therefore, without a valid legal basis. In addition, the DPA concluded that the healthcare facility had not taken appropriate technical and organizational measures to protect personal data in order to prevent such incidents.

Related Enforcement Actions (0)

No other enforcement actions found for ASST di Lodi in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 April 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€1,000

Enforcement Tracker ID

ETid-1158

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ASST di Lodi - Italy (2022). Retrieved from cookiefines.eu
