The French SA fined CEGEDIM SANTÉ EUR 800,000 for processing non-anonymous health data without authorization, transmitted for studies and statistics in the health sector, failing to comply with prior formalities and processing data unlawfully by not ensuring that data accessed through the 'HRi' teleservice was not automatically downloaded, leading to the violation of GDPR Article 5.1.a
The company's breach of not obtaining authorization from the French SA, and collecting non-anonymous data that could be re-identified, was highlighted, resulting in the administrative fine imposed by the French SA, shedding light on the importance of data protection regulations in commercial activities and the consequences of non-compliance. https://www.edpb.europa.eu/news/national-news/2024/commercial-prospecting-french-sa-fined-cegedim-sante-eur-800-000_en