Dr. Ana Menezes Monteiro writes that Centro Hospitalar Barreiro Montijo has been fined 400,000 euros for violating the General Data Protection Regulation. The country’s regulator, Comissão Nacional de Protecção de Dados, found three violations of the GDPR:
— a violation of Article 5(1)(c), a minimization principle, by allowing indiscriminate access to an excessive number of users, and a violation of Article 83(5)(a) a violation of the processing basic principles.
— a violation of integrity and confidentiality as a result of non-application of technical and organizational measures to prevent unlawful access to personal data under Article 5(1)(f), and also of Article 83(5)(a), a violation of the processing basic principles.
— under Article 32(1)(b), the incapacity of the defendant to ensure the continued confidentiality, integrity, availability and resilience of treatment systems and services as well as the non-implementation of the technical and organizational measures to ensure a level of security adequate to the risk, including a process to regularly testing, assessing and evaluating the technical and organizational measures to ensure the security of the processing.
Read more on IAPP.