Haga Hospital, based in the Netherlands, was this week fined €460,000 by the Dutch data protection authority (AP) for breaching the GDPR (General Data Protection Regulation).
Haga was investigated by the AP after 85 hospital employees had access to the medical records of Samantha de Jong, AKA Barbie, a well-known Dutch reality TV star.
In addition to the fine, Haga must improve the security of patients’ files by 2 October 2019. Failure to comply with the AP’s ruling will result in the hospital being fined €100,000 every two weeks, up to a maximum of €300,000.
Aleid Wolfsen, chairman of the AP, said: “The AP thinks it is a bad thing that a hospital does not have the internal security of patient records in order. A firm fine fits with that. The relationship between a healthcare provider and a patient should be completely confidential. Also within the walls of a hospital. It doesn’t matter who you are.”
Ensure staff understand their GDPR obligations
A key component of GDPR compliance is ensuring all employees, from the executive boardroom to the reception desk, understand their responsibilities under the Regulation.
Our GDPR Staff Awareness E-learning Course is a quick and affordable way to deliver GDPR training to your entire workforce. The course aims to provide employees with a complete foundation on the principles, roles, responsibilities and processes under the Regulation.