Sjúkratyringur Íslands – €13,400 Fine (Iceland, 2023)

€13,400Persónuvernd28 June 2023Iceland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Iceland's data protection authority fined Sjúkratyringur Íslands €13,400 for not securing personal health data properly. The company failed to use multi-factor authentication and used real data in system development, putting many individuals at risk. This case shows the importance of strong data security measures.

What happened

Sjúkratyringur Íslands was fined for inadequate security measures to protect personal health information.

Who was affected

Individuals whose health data was potentially exposed due to the company's security failures.

What the authority found

The authority found that the company did not implement necessary technical and organizational measures to protect personal data, violating GDPR requirements.

Why this matters

This fine underscores the need for companies to prioritize data security, especially when handling sensitive information. Businesses should review their security practices to avoid similar penalties.

GDPR Articles Cited

Art. 25 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Iceland enforcementPersónuvernd actionsAll Sjúkratyringur Íslands actions
Full Legal Summary
Detailed

The Icelandic DPA has imposed a fine of EUR 13,400 on Sjúkratyringur Íslands. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data. This included the lack of multi-factor authentication for access to health information and the controller's use of real data in the development of a system. In assessing the fine, it was considered aggravating that a large number of individuals were affected by the security deficiencies. A mitigating factor was the fact that the controller cooperated fully with the investigation and implemented the measures ordered.

Related Enforcement Actions (0)

No other enforcement actions found for Sjúkratyringur Íslands in IS

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 June 2023

Authority

Persónuvernd

Fine Amount

€13,400

Enforcement Tracker ID

ETid-1933

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sjúkratyringur Íslands - Iceland (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: