Peter Kováč and Lukáš Mrázik of Kinstellar write:
The Slovak Data Protection Authority (“Slovak DPA”) has fined Faculty Hospital Nitra EUR 2,000 for unlawfully processing sensitive personal data in breach of § 13 section 1 of Act. No 122/2013 Coll., On Personal Data Protection (“Data Protection Act 2013”).
The Slovak DPA found the hospital in breach of Data Protection Act 2013
(i) through its unlawful provision in November 2017 of sensitive personal data concerning a deceased patient (a minor), which was included in medical records provided to an expert witness who prepared a written expert opinion the for the hospital; and(ii) by unlawfully providing in March 2018 the personal data of the same patient to the Slovak weekly newspaper MY NITRIANSKE NOVINY, which published an article dedicated to the case on 26 March 2018.
The Slovak DPA’s first instance decision imposed fine of EUR 4,000, which was decreased to EUR 2,000 after a successful appeal by the hospital. Fines in such pre-GDPR cases could have ranged from EUR 1,000 to EUR 200,000.
Read more on Kinstellar.