• +359.2439 0704
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 9:00 - 20:00

Latest News

Acronis / G Suite / MS Office 365 / M-Files

GDPR: Portuguese hospital hit with €400,000 fine for two GDPR violations

GDPR: Portuguese hospital hit with €400,000 fine for two GDPR violations

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Portuguese hospital hit with €400,000 fine for two GDPR violations

The Barreiro Hospital is appealing one of the first publicly-announced fines issued since the new regulations came into force

The Portuguese data watchdog applied a €400,000 fine on a Portuguese hospital in July for two violations of the EU's General Data Protection Regulation (GDPR).

The Portuguese Data Protection Authority (CNPD) found the Barreiro Hospital had granted nine social workers access to patients' clinical data, while 985 users were registered for doctor-level access despite only 296 physicians working at the hospital.

The hospital is appealing the fine, issued on 17 July but not publicly announced at the time, and may even launch a judicial challenge, according to Portuguese publication Publico.

Two separate penalties were imposed after the data watchdog inspected the hospital in early July, with a €300,000 fine applied for failing to respect patient confidentiality, and limiting inappropriate access to patient data. The second fine of €100,000 was imposed for the hospital's inability to ensure the integrity of data security in their system.

"The Centro Hospitalar Barreiro Montijo (CHBM) does not follow the assumptions and understanding of the National Data Protection Commission (CNPD) on this matter," the hospital's board of directors said. "We are currently preparing a judicial challenge."

The regulator explained that an audit showed a test profile on the hospital's system granted "unrestricted" access to clinical data for patients.

According to the CNPD the hospital acknowledged the existence of unused profiles on the system, but said they were "temporary profiles" for doctors working on a contractual basis.

The fine represents one of the first publicly-announced GDPR fines issued since the regulations came into force on 25 May this year.

The figure is small against the €20 million (or 4% of global annual turnover) maximum that can be levied against an organisation, but indicates regulators may take a measured approach to enforcing GDPR.

Source: itpro.co.uk

Access the Most Secure Cloud Backup World

Acronis Cloud Backup

Active Ransomware Protect
All platforms supported


Services offered by SNET IT SERVICES are always in line with the GDPR legislation and in accordance with EU Commercial Law. All services put full access in the Cloud in the easiest and most secure way with 100% mobilty access, without exposing any of your Private Data.