Sweden’s Data Protection Authority has divulged that it has opened investigations into medical service providers, Voice Integrate Nordic.
The organisation is part of Vardguiden, the country’s phone-up medical information service. Recent news reports allege that a high number of recorded phone calls received by Voice Integrate Nordic were placed in the public domain online and had become open to public access without protection through encryption or passwords.
Further details have not yet been released on whether or not a breach in regulatory standards has taken place. Under GDPR terms, private personal data cannot be accessed or shared without the explicit opt-in consent of the individuals to whom the data belong.
The EU data laws also put new responsibilities on the shoulders of Data Protection Officers (DPOs) and their teams regarding the implementation of compliant security measures surrounding data processing.
Supervising the investigation’s progress is Suzanne Isberg, who said that the Data Protection Authority in Sweden will have to identify what kinds of personal data were compromised, which IT infrastructures that were involved, and steps to take in order to avoid a repeat of the incident in future.
Emphasising the complexity of the task at hand, Isberg said that the numerous parties involved in the blunder will have to collaborate with authorities, legal teams and IT specialists before conclusions can be draw from the inspection in its early stages.
IT expert, Magnus Bergstrom commented that a large part of the probe will concern mapping personal data flows between IT systems and studying the technologies and practices that were in place to protect them.
European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.