The Italian data protection authority ('Garante') announced, on 11 May 2022, in its monthly newsletter, that it had issued, on 7 April 2022, its Decision No. 134, in which it imposed a fine of €40,000 to Perugia Hospital, for violations of Articles 5(1)(a), 5(1)(f), 13, 14, 25, 32, and 35 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following an ex officio investigation by the Garante, and in conjunction with a decision issued against ISWEB S.p.a. Background to the decision In particular, the Garante reported that it had initiated the investigation in question as part of a wider investigation plan concerning the processing of personal data acquired through w
News
Italy: Garante fines Perugia Hospital €40,000 for GDPR violations in relation to whistleblowing system
May 12, 2022
Summary
The Italian data protection authority, Garante, fined Perugia Hospital €40,000 for GDPR violations related to their whistleblowing system. The Hospital failed to inform individuals about the processing of their personal data and inadequately protected the confidentiality and integrity of the data, violating Articles 5, 13, 14, 25, 32, and 35 of the GDPR. The investigation also involved ISWEB S.p.a., the IT company managing the whistleblowing application. Despite no whistleblowing reports being present at the time of investigation, the Hospital's cooperation and remedial actions were considered in the fine determination. The Garante also ordered the decision's publication and offered a reduced settlement option for the Hospital.