The Portuguese Supervisory Authority fined an unnamed hospital 400,000 euros earlier this year for violations of the EU General Data Protection Regulation, according to Covington & Burling's Inside Privacy blog. The CNPD found in its investigation hospital staff members illicitly accessed patient data through false profiles. The hospital only had 296 registered doctors; however, the organization’s profile management system listed 985 accounts. Even though Portugal has not officially implemented the GDPR, the CNPD still used the rules to determine the fine against the hospital. The decision has not been made public, and the hospital announced it contests the penalty.
If you want to comment on this post, you need to login.