University Hospital of the Medical University of Warsaw – €2,120 Fine (Poland, 2022)

€2,120Urząd Ochrony Danych Osobowych6 July 2022Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The University Hospital of the Medical University of Warsaw was fined for not reporting a data breach where a patient received another patient's personal information by mistake. This matters because it highlights the importance of promptly notifying both affected individuals and authorities about data breaches. Small businesses should ensure they have procedures in place to handle such incidents.

What happened

The hospital failed to inform a patient and the authorities about a data breach involving personal information being sent to the wrong person.

Who was affected

Patients at the University Hospital of the Medical University of Warsaw whose personal data was mishandled.

What the authority found

The Polish DPA found that the hospital did not fulfill its obligation to report the data breach to the affected patient and the DPA, violating GDPR rules.

Why this matters

This case underscores the need for organizations to have clear protocols for reporting data breaches to both individuals and authorities. It serves as a reminder that even small oversights in data handling can lead to fines and reputational damage.

GDPR Articles Cited

Art. 33 GDPR
Art. 34 GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll University Hospital of the Medical University of Warsaw actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 2,120 on the University Hospital of the Medical University of Warsaw. The university hospital had suffered a data breach in which a patient had received a referral from a doctor that contained, among other things, personal data (name, address, etc.) of another patient. The DPA found that neither the doctor nor the hospital informed the patient or the DPA about the data breach.

Related Enforcement Actions (0)

No other enforcement actions found for University Hospital of the Medical University of Warsaw in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

6 July 2022

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€2,120

Enforcement Tracker ID

ETid-1317

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. University Hospital of the Medical University of Warsaw - Poland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: