The Italian data protection authority ('Garante') announced, on 11 May 2022, in its monthly newsletter, that it had issued, on 7 April 2022, its Decision No. 134, in which it imposed a fine of €40,000 to Perugia Hospital, for violations of Articles 5(1)(a), 5(1)(f), 13, 14, 25, 32, and 35 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following an ex officio investigation by the Garante, and in conjunction with a decision issued against ISWEB S.p.a. Background to the decision In particular, the Garante reported that it had initiated the investigation in question as part of a wider investigation plan concerning the processing of personal data acquired through w