Hospital – Complaint Upheld (Hungary, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Hungarian hospital delayed providing a patient with his personal data and charged a fee, which violated his access rights. The ruling emphasizes the importance of timely and free access to personal data for individuals.
What happened
The hospital delayed and charged a fee for providing a patient's personal data, violating access rights.
Who was affected
A patient who requested access to his personal data from the hospital.
What the authority found
The authority found the hospital violated the patient's right to access by delaying the response and charging a fee, but did not require certified copies.
Why this matters
This case highlights the need for organizations to provide timely and free access to personal data. It serves as a reminder that charging fees or delaying access can lead to violations of privacy rights.
GDPR Articles Cited
The applicant is a citizen who originally filed a complaint against the Hospital regarding the medical treatment he was subject to. During the investigations concerning the Hospital, the applicant requested a copy of his personal data. The hospital charged the applicant with a fee and sent a copy of the documents requested with undue delay and without certification. As a consequence, the applicant filed a complaint with the NAIH for violation of his access right. Could a data subect be granted of a certified copiy of his personal data under Article 15 GDPR? The NAIH found that the data controller has failed to grant the Applicant ‘s right of access within the thirty-days limit, as required by Article 12(3). However, it rejected the applicant’s claims regarding the certified copies requested under Article 15 read in conjunction with Article 5(1)(d) GDPR. Indeed, the DPA found that these articles do not require to provide for certified copies of personal data.
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Hospital in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
18 November 2019
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
GDPRhub ID
gdprhub-1580About this data
Cite as: Cookie Fines. Hospital - Hungary (2019). Retrieved from cookiefines.eu
Last updated: