John Bryan uses a recent monetary penalty by the Information Commissioner’s Office to contrast what might happen to fines under the GDPR.
Fertility patients being treated at the Lister Hospital, part of the US-based HCA Healthcare group, discovered in April 2015 that transcripts of their confidential patient-doctor conversations were publicly accessible on the web. After an investigation by the Information Commissioner’s Office (the UK’s data protection regulator), HCA’s UK arm was fined £200,000 for the hospital’s breach.
For HCA Healthcare UK, the private hospital group, £200,000 is a significant sum, but it is less than half the £500,000 maximum penalty available under the Data Protection Act. HCA Healthcare UK can nonetheless thank their lucky stars that the new EU-wide data protection regime (GDPR) isn’t in force yet.
Read more on Sophos.