I.S.P.R.O. – €7,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Italian healthcare facility, I.S.P.R.O., was fined €7,000 for sending a patient's medical records to the wrong person by email. This matters because it highlights the importance of keeping sensitive health information secure and private. Businesses handling personal data should ensure they have strong safeguards to prevent such mistakes.
What happened
I.S.P.R.O. mistakenly emailed a patient's medical records to another person.
Who was affected
Patients whose medical records were wrongly sent to someone else.
What the authority found
The Italian DPA found that I.S.P.R.O. failed to protect personal data, violating GDPR's security and confidentiality requirements.
Why this matters
This case underscores the need for healthcare providers to implement strict data protection measures. It serves as a reminder that even small errors can lead to significant privacy breaches and penalties.
GDPR Articles Cited
The Italian DPA (Garante) has imposed a fine of EUR 7,000 on the oncology health care facility I.S.P.R.O.. An individual had mistakenly received medical records from another patient via e-mail.
Related Enforcement Actions (0)
No other enforcement actions found for I.S.P.R.O. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 October 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€7,000
Enforcement Tracker ID
ETid-1528
About this data
Cite as: Cookie Fines. I.S.P.R.O. - Italy (2022). Retrieved from cookiefines.eu
Last updated: