Medical laboratory – €20,000 Fine (Belgium, 2022)

€20,000 | Autorité de Protection des Données | 19 August 2022 | Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian medical lab was fined €20,000 for failing to protect patient data on its website. The lab didn't encrypt sensitive information and didn't have a privacy policy. This case highlights the importance of securing personal data and being transparent about data practices.

What happened

The medical laboratory allowed access to patient data without encryption and lacked a privacy statement on its website.

Who was affected

Patients whose personal data could be accessed by physicians on the lab's website.

What the authority found

The Belgian DPA found the lab violated GDPR by not conducting a data protection impact assessment and failing to secure personal data.

Why this matters

This ruling emphasizes the need for medical services to encrypt sensitive data and clearly communicate their data practices. It serves as a reminder for businesses to regularly assess their data protection measures.

GDPR Articles Cited

Art. 12 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Art. 35(1) GDPR

Full Legal Summary

The Belgian DPA imposed a fine of EUR 20,000 on a medical laboratory. During its investigation, the DPA found that the laboratory had failed to conduct a data protection impact assessment and thus violated Art. 35 GDPR. In addition, the laboratory had violated Art. 5(1)(f) GDPR and Art. 32 GDPR, as it was possible for physicians to view patients' personal data on the website without encryption. Finally, the DPA found that the laboratory had not published a privacy statement on its website, in violation of Art. 12 GDPR, Art. 13 GDPR and Art. 14 GDPR.


Details

Fine Date: 19 August 2022
Authority: Autorité de Protection des Données
Fine Amount: €20,000
Enforcement Tracker ID: ETid-1438

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Medical laboratory - Belgium (2022). Retrieved from cookiefines.eu
