HDPA (Greece) - 20/2020
HDPA - 20/2020 | |
---|---|
Authority: | HDPA (Greece) |
Jurisdiction: | Greece |
Relevant Law: | Article 2(2)(a) GDPR Article 4(15) GDPR Article 6(1)(e) GDPR Article 9(2)(g) GDPR Article 37(1) GDPR Article 37(3) GDPR Article 45 GDPR Article 51 GDPR Article 55 GDPR Article 58(2)(d) GDPR Article 10(5) of Greek Data Protection Act Article 9 of Greek Data Protection Act |
Type: | Complaint |
Outcome: | Rejected |
Started: | |
Decided: | 03.03.2020 |
Published: | 20.07.2020 |
Fine: | None |
Parties: | 401 Athens General Military Hospital |
National Case Number/Name: | 20/2020 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Greek |
Original Source: | HDPA (in EL) |
Initial Contributor: | n/a |
The Hellenic Data Protection Authority (HDPA) found itself competent to decide over case concerning personal data processed by the 401 Athens General Military Hospital, insofar this data is not classified information related to activities concerning national security. The HDPA found the processing lawful but ordered the Hospital to appoint a DPO.
English Summary
Facts
A data subject complained that 401 Athens General Military Hospital unlawfully processed personal data of people entering the hospital, collecting details from their ID and information about where exactly in the hospital they intend to go, time of entrance and exit.
The Military Hospital claimed that this information was necessary for the security of the hospital and that in any case, the DPA was not competent to deal with the case as it concerns data related to activities concerning national security.
Dispute
Holding
The HDPA found, first of all, itself competent to decide on the case as the personal data collected (a) has not been characterised as "classified information" (b) nor does it relate to activities concerning national security, as required by the national Data Protection Act.
Then, the HDPA rejected the complaint as it found the processing necessary for the protection of military facilities and thus lawful according to Articles 6(1)(e) and 9(2)(g) GDPR.
Lastly, the HDPA imposed the corrective measure of Article 58(2)(d), ordering the Military Hospital to appoint a DPO.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.