Azienda ospedale università di Padova – €75,000 Fine (Italy, 2024)

€75,000Garante per la protezione dei dati personali9 May 2024Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda ospedale università di Padova was fined EUR 75,000 for allowing employees to access patient files without permission. This is significant because it shows that healthcare organizations must have strict access controls to protect sensitive patient information.

What happened

The hospital allowed unauthorized access to patient files by employees who did not need that information for their work.

Who was affected

Patients whose files were accessed by employees without proper authorization.

What the authority found

The authority found that the hospital lacked adequate measures to restrict access to personal health information, violating privacy regulations.

Why this matters

This case underscores the critical need for healthcare providers to implement strong data protection measures. It serves as a warning that failing to secure patient information can lead to severe penalties.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 25(GDPR)
Art. 32(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
c)
f) GDPR
Art. 9(GDPR)
Art. 25(GDPR)
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda ospedale università di Padova actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 75,000 on Azienda ospedale università di Padova. During its investigation, the DPA found that employees had accessed patient files without authorization and that the controller did not have appropriate access restrictions in place. This allowed employees to access patient files that were not necessary for their work, e.g. because they were not treating the patients in question.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda ospedale università di Padova in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

9 May 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€75,000

Enforcement Tracker ID

ETid-2370

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda ospedale università di Padova - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: