Centric Health Ltd. (“Centric”) - February 2023

Document

Cited authorities 7

Cited in

Date	23 January 2023
Section	Decisions made under data protection act 2018

In the matter of the General Data Protection Regulation

DPC Case Reference: IN-21-2-4

In the matter of Centric Health Ltd.

Decision of the Data Protection Commission made pursuant to Section 111 of the Data Protection Act

2018

Further to an own-volition inquiry commenced pursuant to Section 110 of the Data Protection Act 2018

DECISION

Decision-Maker for the Data Protection Comm ission:

_______________________

Helen Dixon

Commissioner for Data Protection

23 January 2023

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, Ireland

Contents

A. Introduction .................................................................................................................................... 4

B. Legal Framework for the Inquiry and the Decision ......................................................................... 4

i) Legal Basis for the Inquiry ........................................................................................................... 4

ii) Data Controller ............................................................................................................................ 4

iii) Legal Basis for the Decision ......................................................................................................... 5

C. Factual Background ......................................................................................................................... 5

D. Scope of the Inquiry and the Application of the GDPR ................................................................. 12

E. Centric’s Submissions in relation to the Draft Decision ................................................................ 14

F. Issues for Determination............................................................................................................... 15

G. Analysis of the Issues for Determination ...................................................................................... 16

a) Assessment of the Risks ............................................................................................................ 16

b) Measures Implemented by Centric to Address the Risks ......................................................... 19

c) Processes to test, assess and evaluate effectiveness of measures .......................................... 27

H. Findings Regarding Article 5(1)(f) and 32(1) ................................................................................. 28

I. Accountability Principle ................................................................................................................ 29

J. Finding Regarding Article 5(2)GDPR ............................................................................................. 30

K. Decision on Corrective Powers ..................................................................................................... 30

L. Reprimand ..................................................................................................................................... 31

M. Administrative Fines ................................................................................................................. 31

Article 83(2)(a) GDPR: the nature, gravity and duration of the infringement taking into account

the nature scope or purpose of the processing concerned as well as the num ber of data subjects

affected and the level of damage suffered by them; ...................................................................... 33

The nature of the infringement ..................................................................................................... 34

The gravity of the infringement .................................................................................................... 34

The duration of the infringement .................................................................................................. 35

Article 83(2)(b) GDPR: the intentional or negligent character of the infringement; ..................... 35

Article 83(2)(c) GDPR: any action taken by the controller or proc essor to mitigate the damage

suffered by data subjects; ................................................................................................................ 37

Article 83(2)(d) GDPR: the degree of responsibility of the controller or processor taking into

account technical and organisational measures implemented by them pursuant to Articles 25

and 32 GDPR; .................................................................................................................................... 39

Article 83(2)(e) GDPR: any relevant previous infringements by the controller or processor; ...... 39

Article 83(2)(f) GDPR: the degree of cooperation with the super visory authority, in order to

remedy the infringement and mitigate the possible adverse effects of the infringement; .......... 39

Article 83(2)(g) GDPR: the categories of personal data affected by the infringement;................. 40

Article 83(2)(h) GDPR: the manner in which the infringement becam e known to the supervisory

authority, in particular whether, and if so to what extent, the controller or processor notified

the infringement; ............................................................................................................................. 40

Article 83(2)(i) GDPR: where measures referred to in Article 58(2) have previously been ordered

against the controller or processor concerned with regard to t he same subject-matter,

compliance with those measures; ................................................................................................... 40

Article 83(2)(j) GDPR: adherence to approved codes of conduct pursuant t o Article 40 GDPR or

approved certification mechanisms pursuant to Article 42 GDP R; and ......................................... 41

Article 83(2)(k) GDPR: any other aggravating or mitigating factor applicable to the circumstances

of the case, such as financial benefits gained, or losses avoi ded, directly or indirectly, from the

infringement. .................................................................................................................................... 41

N. Decisions on Whether to Impose Administrative Fines ................................................................ 41

Article 83(3) GDPR ............................................................................................................................ 43

Articles 83(4) and 83(5) GDPR .......................................................................................................... 46

O. Summary of Envisaged Action ...................................................................................................... 50

P. Right of Appeal .............................................................................................................................. 50

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Centric Health Ltd. (“Centric”) - February 2023

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users