Bolzano municipality – €30,000 Fine (Italy, 2023)

€30,000Garante per la protezione dei dati personali23 March 2023Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Bolzano municipality was fined EUR 30,000 for not ensuring the security of patient health records, which led to a data breach. This case stresses the responsibility of organizations to protect personal data, even when using third-party services. Municipalities must ensure their partners follow strict data protection measures.

What happened

Bolzano municipality failed to secure patient health records, resulting in unauthorized access.

Who was affected

Patients whose health records were accessed without permission were affected.

What the authority found

The Italian DPA ruled that Bolzano municipality did not take necessary steps to secure personal data, leading to a breach.

Why this matters

This decision emphasizes that organizations are responsible for ensuring data protection, even when outsourcing services. It serves as a warning to verify that partners comply with data security standards.

GDPR Articles Cited

Art. 25 GDPR
Art. 32 GDPR
Art. 33 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Bolzano municipality actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 30,000 on Bolzano municipality. The Bolzano health authority had reported a data breach to the DPA involving unauthorized access to the health records of a number of patients, which was caused by a deficiency in the electronic health record service that the municipality had delegated to a processor. During its investigation, the DPA found that although the leak occurred at the processor's site, the municipality should have taken appropriate technical and organizational measures to ensure that such incidents would be avoided.

Related Enforcement Actions (0)

No other enforcement actions found for Bolzano municipality in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

23 March 2023

Authority

Garante per la protezione dei dati personali

Fine Amount

€30,000

Enforcement Tracker ID

ETid-1828

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bolzano municipality - Italy (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: