Article summary
MLex has reported that a healthcare provider in Caltanissetta, Sicily has been fined €6,000 by the Italian Data Protection Authority (DPA) for violating the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). The company had illegally made an employee's social security-related information available to other employees. It also failed to fulfil a data subject's right to access and co-operate with the DPA. During the investigation, the Italian DPA also found that the company infringed Article 37 of the EU GDPR when it did not update the changed contact details of its data protection officer on its website and subsequently failed to inform the DPA of the change.
To continue reading this news article, as well as thousands of others like it, sign in with LexisNexis or register for a free trial