IDCQ HOSPITALES Y SANIDAD, S.L.U. – €1,200,000 Fine (Spain, 2025)

€1,200,000 | Agencia Española de Protección de Datos | 21 November 2025 | Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

IDCQ HOSPITALES Y SANIDAD was fined for mishandling patient data related to MRI scans. They had strict policies that made it hard for patients to retrieve their data, and they deleted information too quickly. This case shows the importance of keeping patient data accessible and secure.

What happened

IDCQ HOSPITALES Y SANIDAD deleted patient data too quickly and made it difficult for patients to access their MRI scan information.

Who was affected

Patients who brought their own MRI scans and needed to access their data were affected.

What the authority found

The Spanish DPA ruled that the company violated GDPR by not properly managing patient data and deleting it prematurely.

Why this matters

This significant fine underscores the need for healthcare providers to ensure patients can easily access their data. Companies must establish clear data retention policies that comply with data protection laws.

GDPR Articles Cited


Art. 6 GDPR
Art. 9 GDPR
Art. 25 GDPR

Source verified 5 March 2026
articles corrected
national law identified
Full Legal Summary

The Spanish DPA has imposed a fine of EUR 1,200,000 on IDCQ HOSPITALES Y SANIDAD, S.L.U. The controller offered MRI scans as part of its services, and patients could bring copies or originals of previous scans. However, the controller had established very strict return policies, resulting in data being deleted after a very short amount of time, and data subjects being unable to easily retrieve their data if they had brought it on physical data carriers. Furthermore, the controller only stored data that was necessary for comparison purposes, deleting the rest immediately upon receipt.

Related Enforcement Actions (0)

No other enforcement actions found for IDCQ HOSPITALES Y SANIDAD, S.L.U. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 November 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,200,000

Enforcement Tracker ID

ETid-3013

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. IDCQ HOSPITALES Y SANIDAD, S.L.U. - Spain (2025). Retrieved from cookiefines.eu
