Dowiedz się więcej na temat naszych produktów. Zobacz nasz blog
  • EN
  • PL
  • What was the first penalty for a GDPR violation?

    The General Data Protection Regulation (GDPR) was introduced by the European Union to address growing concerns about privacy and data protection in a world increasingly dominated by technology. The implementation of these regulations has revolutionized the way businesses collect, process, and store data. But what exactly do these changes mean for companies operating in Europe? And what are the consequences of not adhering to them?

    Portuguese Hospital Fined by CNPD

    In 2018, the Comissão Nacional de Protecção de Dados (CNPD) fined Barreiro-Montijo Hospital 400,000 euros. This Portuguese authority oversees personal data protection. The incident is a major example of GDPR enforcement in the European Union.

    The Barreiro-Montijo Hospital Center in Portugal faced penalties for numerous and grave violations. An inspection revealed that the hospital lacked internal regulations for creating accounts and managing access to medical data. Moreover, there was a failure in taking steps to remove accounts of employees who had left the hospital. Additionally, patient data access was mishandled, leading to breaches.

    Permission Management: How to Avoid Similar Issues?

    Modern institutions, particularly those in the medical sector, must give special attention to permission management. Adequately structured and consistently implemented procedures in this field can not only shield institutions from potential sanctions but also elevate the overall level of information security.


    Introducing a clear security policy is the cornerstone. It meticulously dictates who can access information and how much. Yet, that’s just the beginning.

    These procedures should encompass not only the granting and revoking of permissions but also their regular reviews and updates. As the organizational structure changes and the roles of employees shift, permissions should be readjusted to continually reflect actual needs and maintain optimal security levels.

    Moreover, it’s prudent to introduce systems monitoring access and user activities. Such systems not only bolster security by detecting unauthorized access but also act as audit tools, potentially providing evidence in the event of violations.

    In conclusion, training staff on security policies and permission management is vital. Even the most robust system can falter if employees lack awareness of their roles and responsibilities in data protection.


    The penalty given to Barreiro-Montijo Hospital in Portugal is a warning. It highlights the importance of permission management. It also emphasizes the consequences of GDPR violations. Safeguarding personal data has multiple purposes. It’s not just about avoiding fiscal penalties. It’s mainly about building trust with customers and patients. Institutions hold many people’s data. In today’s era, data protection is essential. It’s not a luxury.