The French Data Protection Authority CNIL fines 2 doctors for non-compliance with GDPR

The French Data Protection Authority (CNIL) published on December 17th, 2020, its decision to fine 2 self-employed doctors in France 3 000 € and 6 000 € respectively.

Basically, they had

  • built their own homebrew “servers”
  • hosted data that was not systematically encrypted
  • ignored the most elementary rules of data security

I am frankly not happy about this, but I guess we have to go this route in order for everybody to understand that GDPR is not an option but a law.

Considering the sensitivity of personal health-related data (which is why it falls under the category of sensitive data under GDPR), it is just not acceptable that someone builds a do-it-yourself server without the necessary data protection and security.

And yes, it costs money to consult an IT company, but so does consulting a doctor; let everybody do and respect their respective jobs, and they will be done well.

Source: CNIL, https://www.cnil.fr/fr/violations-de-donnees-de-sante-la-cnil-sanctionne-deux-medecins
