ANSPDCP (Romania) - Fine against Societatea Civilă Medicală Policlinica Tommed

From GDPRhub
Revision as of 21:33, 14 December 2021 by DianaR (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP (Romania) |DPA_With_Country=ANSPDCP (Romania) |Ca...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ANSPDCP (Romania) - Fine against Societatea Civilă Medicală Policlinica Tommed
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(a) GDPR
Article 5(1)(b) GDPR
Article 5(1)(f) GDPR
Article 5(2) GDPR
Article 9 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 06.12.2021
Fine: 2000 EUR
Parties: Societatea Civilă Medicală Policlinica Tommed
National Case Number/Name: Fine against Societatea Civilă Medicală Policlinica Tommed
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Diana Rosu

The Romanian DPA fined a medical clinic approximately €2.000 after unlawful discloser of patient health data to another controller.

English Summary

Facts

The Romanian DPA started an investigation against a medical clinic after a complaint was filed by one of its patients. The investigation found that the clinic unlawfully disclosed to another controller the personal data belonging to the data subject, including their health-related data. The disclosure occurred disregarding the data protection principles, without a legal basis and without informing the data subject.


Holding

As result, the clinic was fined approximately €2.000 (RON9.898) and the DPA applied a corrective measure, ordering the clinic to bring its processing operations into compliance to prevent further unlawful disclosure and to apply adequate security and confidentiality measures.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. 






06.12.2021 & # 13;
RGPD & # 13;
& # 13;
In November 2021, the National Supervisory Authority completed an investigation at the operator of the Civil Medical Society Tommed Polyclinic, following which it was found that the provisions of art. 5 para. (1) lit. a), b) and f) and par. (2), corroborated with art. 9 of the General Data Protection Regulation. & # 13;
As such, the operator was sanctioned with a fine of 9898 lei (equivalent to 2,000 euros). & # 13;
The investigation was launched following a complaint alleging that the Tommed Polyclinic Medical Society disclosed certain personal data, including health, of an individual to another operator. & # 13;
During the investigation it was found that the controller disclosed the personal data without respecting the principles of processing and without complying with the legal conditions of processing of personal data, including health, and without prior information of the person involved (patient of the operator). & # 13;
At the same time, the corrective measure was applied to the operator to ensure the compliance with RGPD of the operations of collection and further processing of personal data, so as to avoid the disclosure of personal data processed, in violation of legal conditions, which also involves the application of appropriate measures. security and confidentiality, through the regular training of data controllers under the authority of the controller and the appropriate involvement of the person responsible for the protection of personal data, in accordance with art. 37-39 of the RGPD. & # 13;
Legal and Communication Department & # 13;
A.N.S.P.D.C.P.
Retrieved from "https://gdprhub.eu/index.php?title=ANSPDCP_(Romania)_-_Fine_against_Societatea_Civilă_Medicală_Policlinica_Tommed&oldid=21840"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki