Doctor´s Office – €2,500 Fine (Germany, 2024)

€2,500Bundesbeauftragter für den Datenschutz1 January 2024Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A doctor's office in Germany was fined EUR 2,500 for not securing patient files properly. The office manager stored sensitive information at home without locking it, allowing unauthorized access. This case highlights the importance of protecting personal data, especially in healthcare settings.

What happened

The doctor’s office failed to secure patient files stored at home, allowing unauthorized access.

Who was affected

Patients whose medical records were stored insecurely by the office manager.

What the authority found

The authority found that the doctor’s office did not take adequate measures to protect personal data, violating GDPR's requirements for security.

Why this matters

This ruling emphasizes that businesses must ensure proper data security measures are in place, especially when handling sensitive information. Small businesses should review their data protection practices to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 5(1)(f) GDPR
Art. 6(1) GDPR
Art. 9(1) GDPR
View original scraped data
Art. 5(1) f) GDPR
Art. 6(1) GDPR
Art. 9(1) GDPR
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 16 March 2026
articles corrected
authority corrected
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Doctor´s Office actions
Full Legal Summary
Detailed

The DPA of Hessen has imposed a fine of EUR 2,500 on a doctor´s office. The controller hired an office manager who worked partly from home. The manager worked with patient files, which he stored at home. However, he did not lock or otherwise secure the files, which resulted in guests and family members having access to them. On one occasion, the manager asked his wife to send him photos of some files via a private messaging service because he had left them in his car, which his wife was using for a long trip.

Related Enforcement Actions (0)

No other enforcement actions found for Doctor´s Office in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 January 2024

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€2,500

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Doctor´s Office - Germany (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: