Topic: Integrity and confidentiality
Authority: Comissão Nacional de Protecção de Dados – CNPD
Sanction: € 400,000.
In one of the first decisions following the introduction of the GDPR, the National Data Protection Commission of Portugal issued a fine of € 400,000 to the Barreiro Montijo Hospital. Among other things, the hospital had given technicians access to all patient files on a large scale. The Commission also criticised the fact that 985 users were active in the system with the “doctor” function, even though only 296 doctors were on duty in the hospital.
The hospital announced that the decision would be continued.