The French Data Protection Authority (CNIL) published on December 17th 2020 its decision to fine two doctors in private practice in France 3 000 € and 6 000 € respectively.
Basically they had
- built their own homebrew “servers”
- hosted data that was not systematically encrypted
- ignored the most elementary rules of data security
I am frankly not happy about this, but I guess we have to go this route in order for everybody to understand that GDPR is not an option but a law.
Considering the sensitivity of personal health-related data (that is why it falls under the category of sensitive data under GDPR), it is just not acceptable that someone builds a do-it-yourself server without the necessary data protection and security.
And yes, it costs money to consult an IT company, but so does consulting a doctor; let everybody do and respect their respective jobs, and they will be done well.
Source: CNIL: https://www.cnil.fr/fr/violations-de-donnees-de-sante-la-cnil-sanctionne-deux-medecins
Thanks to the (27) readers of this article!