Haga Hospital – €350,000 Fine (Netherlands, 2019)

€350,000Autoriteit Persoonsgegevens18 June 2019Netherlands
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Haga Hospital in the Netherlands was fined EUR 350,000 for not securing patient records properly. Hospital staff accessed a celebrity's medical records without need, prompting the fine. This highlights the need for strong data security measures in healthcare to protect patient privacy.

What happened

Haga Hospital was fined for inadequate security of patient records, allowing unnecessary access by staff.

Who was affected

Patients at Haga Hospital, including a well-known Dutch person whose records were accessed without necessity.

What the authority found

The Dutch Data Protection Authority fined the hospital for failing to secure patient records adequately.

Why this matters

This case underscores the critical importance of implementing robust security measures in healthcare settings to prevent unauthorized access to sensitive data.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Decision AuthorityRechtbank Den Haag
Reviewed AuthorityAP
Source verified 6 March 2026
amount discrepancy
date discrepancy
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll Haga Hospital actions
Full Legal Summary
Detailed

Original Fine Summary: The Haga Hospital does not have a proper internal security of patient records in place. This is the conclusion of an investigation by the Dutch Data Protection Authority. This investigation followed when it appeared that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person. To force the hospital to improve the security of patient records, the AP simultaneously imposes an order subject to a penalty. If the Haga Hospital has not improved security before 2nd of October 2019, the hospital must pay EUR 100,000 every two weeks, with a maximum of EUR 300,000. The Haga Hospital has meanwhile indicated to take measures. Update: The fine was reduced from EUR 460,000 to EUR 350,000 following a court ruling in 2021.

Related Enforcement Actions (0)

No other enforcement actions found for Haga Hospital in NL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

18 June 2019

Authority

Autoriteit Persoonsgegevens

Fine Amount

€350,000

Enforcement Tracker ID

ETid-63

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Haga Hospital - Netherlands (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: