Clinic – Fine (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A clinic in Germany was found to have a conflict of interest because it appointed its manager, who was also a shareholder, as the data protection officer. This dual role could discourage patients and employees from raising privacy concerns. The case highlights the importance of keeping data protection roles separate from business interests.
What happened
The clinic appointed its manager, also a shareholder, as the data protection officer, creating a conflict of interest.
Who was affected
Patients and employees of the clinic who might hesitate to discuss privacy issues with the data protection officer.
What the authority found
The authority found a conflict of interest because the clinic manager's dual role could compromise data protection oversight.
Why this matters
This case underscores the need for businesses to separate data protection roles from other business functions to avoid conflicts of interest. It serves as a reminder to ensure that data protection officers can operate independently.
The DPA from Berlin has imposed a fine on a clinic. The clinic had appointed the clinic manager, who was also a shareholder of the clinic, as the data protection officer. A data protection officer may perform other tasks and duties, but the company must ensure that those tasks and duties do not lead to a conflict of interest. In the present case, however, there was such a conflict of interest: the clinic manager had to make economic decisions in his executive position and, at the same time, monitor the clinic's compliance with data protection law. The DPA also noted that such a dual role carries the risk that patients and employees would be hesitant to seek the assistance of the data protection officer, who was also the hospital director, with critical questions about the processing of personal data.
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
1 January 2021
Authority
Bundesbeauftragter für den Datenschutz
Enforcement Tracker ID
ETid-1222
About this data
Cite as: Cookie Fines. Clinic - Germany (2021). Retrieved from cookiefines.eu