Module 3 Unit 5 GDPR case study
Summary
I chose the case about the disclosure of sensitive personal data by a hospital to a third party.
This case highlights the disclosure of a patient's sensitive personal data by the hospital to a third party.
The aspects of GDPR that this case addresses are: the requirement to keep personal data accurate, complete and up to date; the requirement to take appropriate security measures; and the requirement for a legal basis for processing sensitive personal data. This occurred when the hospital processed the complainant's sensitive personal data by inadvertently disclosing it to a third party.
The patient refused the apology from the hospital and raised his case with the commissioner so that the appropriate decision could be taken.
Proper staff training should be done as part of onboarding so that staff are familiar with GDPR standards. Moreover, quality control, policies, procedures, documentation and monitoring should be in place so that all employees rigidly adhere to the standard procedures, ensuring compliance and avoiding such issues.