GDPR warning from the Personal Data Protection Authority to the hospital in Poland
Key Points
- A warning was issued to a specialist hospital in the city of Sosnowiec, Poland by the Personal Data Protection Authority.
- The hospital was warned because it did not sufficiently verify the security standards of an external data processing company.
- The failure to conduct the necessary risk analysis for processing personal data via email was another reason for the violation.
Mirosław Wróblewski, President of the Personal Data Protection Office (UODO) in Poland, issued an official warning to a specialist hospital in the city of Sosnowiec. The hospital was warned for working with an external service provider without auditing whether they provide sufficient security guarantees in the processing of personal data.
The authority also considered the hospital's failure to conduct an appropriate risk analysis for personal data processing operations carried out via electronic mail as a deficiency. This situation was found to be in violation of the GDPR (RODO) rules, which is the general regulation on the protection of personal data.
This decision, given by the data protection authority, sets an important example in terms of demonstrating what kind of sanctions negligence in risk management and the auditing of external vendors in data processing operations can bring to institutions.
React to this story
Ask about this story
Answers are AI-generated from this story only.
Frequently Asked Questions
- What exactly is the penalty or sanction given to the hospital?
- The hospital was not fined but given an official warning (upomnienie). This serves as a formal notice for the institution to comply with GDPR rules.
- In what matters did the hospital violate GDPR rules?
- The hospital committed a violation by failing to verify the data security guarantees of an external vendor and by not conducting a risk analysis for personal data processed via email.
- Who is the authority that made this decision?
- The decision was made by Mirosław Wróblewski, President of the Personal Data Protection Office (UODO) in Poland.
This is an AI-generated summary. The full story lives at the source.
Read the full story at the sourceprawo.pl