Editing AP - Ziekenhuis OLVG

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 105: Line 105:
  
 
<pre>
 
<pre>
Subject
+
<!DOCTYPE html><!--[
 
 
Decision to impose an administrative fine
 
 
 
Dear Mr Van den Bosch
 
 
 
The Dutch Personal Data Authority (AP) has decided to impose an administrative fine of €440,000 on the OLVG Foundation (OLVG) because OLVG failed to comply with the requirement for two-factor authentication and the regular review of log files. In doing so, OLVG failed to take adequate measures as referred to in Article 32, first paragraph, of the General Data Protection Regulation (AVG).
 
 
 
The decision is explained in more detail below. Chapter 1 contains an introduction and Chapter 2 describes the legal framework. In chapter 3, the AP assesses the processing responsibility and the breach. Chapter 4 details the (level of the) administrative fine and Chapter 5 contains the operative part and the legal remedies clause.
 
 
 
1. Introduction
 
 
 
1.1 Legal entities involved and reason for investigation
 
 
 
OLVG is a foundation with its registered office at Oosterpark 9, in Amsterdam. OLVG is registered in the trade register of the Chamber of Commerce under number 41199082. OLVG is a top clinical teaching hospital in Amsterdam with two main locations in Amsterdam East and West. OLVG provides medical care to approximately 500,000 patients annually. In 2018, OLVG had 5890 salaried employees, of which 4274 were in patient-related positions.1
 
 
 
The AP received two data breach notifications from the OLVG Foundation regarding access by employees and work students to electronic patient
 
 
</pre>
 
</pre>

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Template used on this page: