Medical association – €4,000 Fine (Italy, 2024)

€4,000Garante per la protezione dei dati personali20 June 2024Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined the medical association 'Ordine dei Medici Chirurghi e degli Odontoiatri' EUR 4,000 for not responding quickly enough to a patient's request for their personal data. This matters because it highlights the importance of timely communication with patients regarding their data rights.

What happened

The medical association failed to respond to a patient's request for access to their personal data in a timely manner.

Who was affected

Patients who requested access to their personal data from the medical association were affected.

What the authority found

The authority found that the medical association did not comply with the requirement to respond promptly to data access requests under GDPR.

Why this matters

This case emphasizes that companies must prioritize timely responses to personal data requests. It serves as a reminder for all businesses to ensure they have clear processes for handling such requests.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
Art. 12(3) GDPR
Art. 13(2)(a) GDPR
View original scraped data
Art. 12(3) GDPR
Art. 13(2) a) GDPR
Art. 15(GDPR)

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Medical association actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 4,000 on the medical association 'Ordine dei Medici Chirurghi e degli Odontoiatri'. A patient had filed a complaint with the DPA. During its investigation the DPA fount that the controller had not responded to the data subject's request for access to their personal data in a timely manner. Additionally, the controller failed to provide sufficient information regarding the retention period of their personal data.

Related Enforcement Actions (1)

Other enforcement actions involving Medical association in IT

Fine
May 2024· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 3,000 on a medical association. A doctor had filed a complaint because the professional association suspende...

€3K
Current
Jun 2024

Fine

€4K

Details

Fine Date

20 June 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€4,000

Enforcement Tracker ID

ETid-2404

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Medical association - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: