Physician – €2,000 Fine (Italy, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A physician was fined €2,000 for not properly deleting a patient's personal data after the retention period ended. This is important because it emphasizes the need for healthcare providers to respect patients' privacy rights and follow data protection laws.
What happened
The physician failed to delete a patient's personal data when it was no longer needed and did not provide a clear privacy notice.
Who was affected
Patients whose personal data was not deleted as required by law were affected.
What the authority found
The Italian DPA ruled that the physician violated GDPR by not adequately responding to a data deletion request and lacking a proper privacy notice.
Why this matters
This case serves as a reminder for healthcare providers to have clear data management practices. It shows that failing to protect patient data can lead to penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The Italian DPA has imposed a fine of EUR 2,000 on a physician. The controller failed to adequately respond to a data subject's request to delete their personal data after the retention period ended. The controller also failed to provide data subjects with an adequate privacy notice.
Related Enforcement Actions (4)
Other enforcement actions involving Physician in IT
Fine
€2K
Details
Fine Date
26 March 2026
Authority
Garante per la protezione dei dati personali
Fine Amount
€2,000
Enforcement Tracker ID
ETid-3166
About this data
Cite as: Cookie Fines. Physician - Italy (2026). Retrieved from cookiefines.eu
Last updated: