Eurosanità S.P.A. – €120,000 Fine (Italy, 2022)

€120,000Garante per la protezione dei dati personali15 December 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Eurosanità S.P.A. was fined EUR 120,000 after a person received someone else's medical records by mistake. The company didn't have enough safeguards to protect personal data. This case shows the need for strong data protection measures in healthcare settings.

What happened

Eurosanità S.P.A. failed to protect personal data, resulting in a person receiving another individual's medical records.

Who was affected

Individuals whose medical records were not adequately protected, leading to unauthorized disclosure.

What the authority found

The Italian DPA found that Eurosanità S.P.A. did not implement sufficient technical and organizational measures to safeguard personal data.

Why this matters

This case emphasizes the critical need for healthcare providers to implement robust data protection measures to prevent unauthorized access and disclosure of sensitive information.

GDPR Articles Cited

AI-verified

Art. 5(GDPR)
Art. 9(GDPR)
Art. 32(GDPR)
View original scraped data
Art. 5 GDPR
Art. 9 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
national law identified
amount discrepancy
Italy enforcementGarante per la protezione dei dati personali actionsAll Eurosanità S.P.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 120,000 on Eurosanità S.P.A.. The controller operates various healthcare facilities. An individual had filed a complaint with the DPA for mistakenly receiving a document that contained medical records of another individual. The DPA found that the controller had not taken sufficient technical and organizational measures to protect personal data in order to avoid such incidents.

Related Enforcement Actions (0)

No other enforcement actions found for Eurosanità S.P.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 December 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€120,000

Enforcement Tracker ID

ETid-1762

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Eurosanità S.P.A. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: