The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
800 results were found
Undue access for nursing staff.
PS 88/2022
It resolves to admonish the ICS as being responsible for the infringement of the principle of confidentiality, since nursing staff would have accessed different clinical histories in an unjustified manner, and it resolves to archive the facts relating to certain accesses that are considered justified. It is also proposed that the entity take disciplinary action against the person responsible for improper access.
02/03/2023
Missing communication of DPD designation in the APDCAT.
PS 79/2022
The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.
02/03/2023
Personal data are revealed by having mistakenly provided an ITV card.
PS 59/2022
The complainant complains that the ITV station provided a third party with the ITV card of their vehicle. This was due to human error and the accused entity proceeded to take measures to correct the situation. Despite this, the registration of a vehicle is personal data and therefore constitutes a breach of data protection regulations. The principle of confidentiality must be upheld.
02/03/2023
Undue access to HC3.
PS 91/2022
There are four unjustifiable accesses to the HC3 of the person denouncing by staff of the Sanitary Corporation Parc Taulí de Sabadell. It resolves to admonish the Corporation as the person responsible for an infringement provided for in Article 83.5.a) in relation to Article 5.1.a), both of which are in the GDPR, for 2 undue access to the HC3 which have not been prescribed, for the violation of the basic principles for processing, specifically the principle of application.
22/02/2023
Recording telephone calls for administrative purposes, by the Guardia Urbana de l'Ajuntament de Tarragona, without complying with the right to information, and disclosure of personal data of third parties.
PS 62/2022
It is decided to admonise the City Council of Tarragona since, in a call made by the person denouncing the Urban Guard of this City Council, he was collected personal data (name, surnames, DNI number and voice) and was not informed of the content provided in Article 13 GDPR. In addition, the city council is also credited with violating the principle of confidentiality since the Guardia Urbana informed the House denouncing that the "Seva Más" would have called, from the same home, to denounce the same facts. With regard to the collection of personal data, which the complainant considers excessive, it is appropriate to archive the facts since, according to the rules of administrative procedure, when a citizen submits a complaint, it must be identified.
22/02/2023
Contract in charge of processing
PS 57/2022
The Department of the Presidency, through the Pensions Plan Control Commission, did not sign the corresponding contract of controller of treatment with the management and depository entities of the pension scheme.
22/02/2023
Notification of a resolution addressed to a third person.
PS 87/2022
The Department for Climate Action, Food and Rural Agenda notified the person denouncing a resolution addressed to a third person and containing personal data. It is decided to admonish the Department as the person responsible for a breach provided for in Article 83.5.a) in relation to Article 5.1.f), both of which are in the GDPR, for breach of the confidentiality principle.
22/02/2023
Lost documentation as a result of the lack of adequate security measures.
PS 61/2022
It is decided to sanction FMB S.A. because the lack of implementation of appropriate technical and organisational measures has prevented it from locating the personal file of the person who provided services to the complained company. This fact violates Article 32.1 of the GDPR, which provides for the controller's obligation to guarantee the availability and security of personal data.
14/02/2023
Missing communication of DPD designation in the APDCAT.
PS 72/2022
The entity had not notified the Catalan Data Protection Authority the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation for the entity. This obligation provided for in the GDPR was fully applicable and enforceable to the entity, since May 2018.
14/02/2023
Undue access to HC3.
PS 85/2022
The person complained that he had unduly accessed his clinical history. The ICS recognises this and states that it has taken steps to prevent any further undue access. A final resolution is issued, implying a violation of the principle of confidentiality.
14/02/2023
Total number of pages: 80