The President of the Polish SA monitors the leakage of patients data of DCG Medical Center

The case of the leakage of data of patients of the DCG Medical Center clinic in Wrocław is known to the President of the Personal Data Protection Office. In connection with these events, the supervisory authority will take action within the framework of its tasks and powers under the General Data Protection Regulation (GDPR) and national regulations.

We would like to remind you that persons affected by a personal data breach should first contact the entity that processes their personal data to find out, for example, what specific data has been stolen or made available to an unauthorised person. A controller who identifies a personal data breach that generates a high risk of violation of the rights and freedoms of natural persons (i.e. the breach may lead to identity theft, financial loss or violation of legally protected secrets) should communicate it to these persons. The necessity to communicate the breach to persons may arise when the scope of the disclosed data includes special categories of personal data, e.g. personal identification number (PESEL number )or health data.

In the case of a high risk, e.g. identity theft, it is very important to communicate the breach to the affected persons. These people, having knowledge about the incident and the risks associated with it, can quickly take action themselves to protect them from further threats.

Such actions may include, for example, setting up an account in the credit and business information system in order to monitor one's credit activity and being even more careful when providing data via the Internet or by phone, so that, for example, people with dishonest intentions do not obtain, for example, additional data that will facilitate e.g. the so-called identity theft.