Primary Health Care in the Capital Area – €34,300 Fine (Iceland, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Primary Health Care in the Capital Area of Iceland was fined €34,300 for mishandling patient records. They merged their medical records with those of other parties and allowed unauthorized access to patient data. This case stresses the need for strict controls over who can access sensitive health information.
What happened
Primary Health Care improperly merged medical records and granted access to unauthorized parties.
Who was affected
Patients whose medical records were accessed without proper authorization.
What the authority found
The Icelandic DPA found that Primary Health Care violated GDPR by processing personal and health data without adequate safeguards.
Why this matters
This ruling highlights the critical importance of protecting patient data in healthcare settings. Organizations must implement strong access controls to prevent unauthorized access to sensitive information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Icelandic DPA has imposed a fine of EUR 34,300 on the Primary Health Care in the Capital Area. The controller processed personal and health data in shared medical record systems by merging its medical records with those of other parties and granting them access to its patients' records.
Related Enforcement Actions (0)
No other enforcement actions found for Primary Health Care in the Capital Area in IS
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 February 2025
Authority
Persónuvernd
Fine Amount
€34,300
Enforcement Tracker ID
ETid-2602
About this data
Cite as: Cookie Fines. Primary Health Care in the Capital Area - Iceland (2025). Retrieved from cookiefines.eu
Last updated: