Hospital – €3,000 Fine (Croatia, 2025)

€3,000Agencija za zaštitu osobnih podataka24 March 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Another Croatian hospital was fined EUR 3,000 for not securing sensitive health data properly. They lacked sufficient measures to protect patient information, which is crucial for maintaining trust in medical services. This ruling stresses the importance of data security in healthcare.

What happened

The hospital failed to implement adequate security measures for processing health data, risking patient confidentiality.

Who was affected

Patients whose health information was at risk due to the hospital's inadequate security measures were affected.

What the authority found

The authority determined that the hospital violated several GDPR articles by not ensuring the security and confidentiality of health data.

Why this matters

This ruling underscores the critical need for healthcare providers to establish strong data protection practices. Other medical facilities should evaluate their data security measures to prevent similar violations.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(1) GDPR
View original scraped data
Art. 13(GDPR)
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
articles corrected
national law identified
amount discrepancy
entity split needed
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Hospital actions
Full Legal Summary
Detailed

The Croation DPA (AZOP) has imposed a fine of EUR 3,000 on a hospital. Despite the extensive and high-risk processing of health data, the hospital had not implemented sufficient organizational measures to ensure the security of data processing. Specifically, measures to ensure the confidentiality of health information were lacking, which undermined trust in medical services and patient privacy. The hospital was fined for breaching Art. 13, Art.32, Art. 33, and Art. 34(1) GDPR.

Related Enforcement Actions (3)

Other enforcement actions involving Hospital in HR

Fine
Sept 2024· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed a fine of EUR 190,000 on a hospital. The hospital had suffered a data breach in which radiological image files wer...

€190K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) imposed a fine of EUR 20,000 on a hospital for failing to implement adequate technical and organizational measures to protect ...

€20K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croation DPA (AZOP) has imposed a fine of EUR 4,000 on a hospital. The AZOP found that the hospital used a company which automatically retrieved p...

€4K
Current
Mar 2025

Fine

€3K

Details

Fine Date

24 March 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€3,000

Enforcement Tracker ID

ETid-2607

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hospital - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: