DSGVO Violation: Hospital must pay 105,000 EUR!

DSGVO Violation: Hospital must pay 105,000 EUR!

Since May 2018, the basic data protection regulation has been in force – now one DSGVO infringement after another is gradually being punished. Many of these decisions are intended to send a financial signal. A hospital in Rhineland-Palatinate has accepted the fine of 105,000 EUR.

The special sensitivity in dealing with health data is to be emphasized in this fine notice.

Dieter Kugelmann is the data protection officer of the state of Rhineland-Palatinate. An incident in the hospital, in which a patient mix-up took place during admission, causes the fine to be imposed. After this incident, a false invoice was also issued. What sounds banal, however, reveals structural technical and organisational deficits in patient management.

The latter is currently not taken for granted. The notices issued in the last few weeks are also often contested. The current incidents at 1&1 and the real estate company Deutsche Wohnen SE confirm this.

9.95 and 14.5 million high fines cause a lot of discussion

When the basic data protection regulation came into force in 2018, the EUR 10 million and EUR 20 million fines had ensured, among other things, full exhibition halls. After all, nobody wants a punishment that threatens their very existence. Now that nothing or very little has happened for a long time, things are now happening in quick succession. The discussion focuses primarily on 1&1 Telekom GmbH and the real estate company Deutsche Wohnen SE.

Latter has been fined EUR 14.5 million. This was about personal data in the archive. The telecommunications company was involved in a case in which information was divulged over the telephone. Here the authentication process is criticized. Both companies have not yet recognized the notifications.

It probably won’t be the last DSGVO violation.

The handling of personal data can be expensive. Even today, the correct implementation of the DSGVO cannot be seen on numerous websites. The next warnings will certainly not be long in coming.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.