Complaints about breaches of data protection

Whether in the medical field, at work, in counselling centres or in public authorities: There are strict rules for handling personal data. These also apply to information in connection with an HIV infection.

You have the right to decide on the use and dissemination of the data that is part of your life.

Data breaches relating to HIV are particularly common in the healthcare sector. 

  • Health-related data such as patient files must not be left lying around unattended. Even with electronically recorded data, it must be ensured that unauthorised persons cannot view it.
  • Medical findings and other data may only be passed on to those employees who are directly involved - be it in treatment, care or administration.
  • Labelling patient files from the outside, e.g. with a red dot, is always a breach of data protection.

The following professional groups are also subject to the duty of confidentiality under the Criminal Code: doctors, lawyers, clergy, psychologists, social workers and employees of social or private insurance companies. Anyone who breaches professional confidentiality is personally liable to prosecution.

What can you do in the event of an offence?

As a first step, you can contact the institution and point out the lack of data protection. If you don't want to do this, you can also write directly to the data protection officer at the organisation. We can help you with the wording. It is important that you describe exactly what happened, when and with whom. Data protection officers must respond and provide information on all aspects of the collection and processing of data.

After the audit, you should receive a written statement from the data protection officer. If this does not happen or if the statement is inadequate, you can lodge a complaint with the data protection supervisory authority in your federal state. This authority is obliged to investigate complaints and make recommendations for improvements and can also impose fines in the event of serious data protection deficiencies and serious violations.

If you would like to defend yourself legally, we are happy to recommend expert lawyers for advice and representation.

‘My complaint to the data protection officer took quite a long time to process, but it was worth it. File markings were removed and the hospital apologised to me again.’ (Martin K., person seeking advice from the DAH's HIV-related discrimination contact centre)

GOOD TO KNOW

  • The right to informational self-determination means that you can generally decide for yourself how your personal data is disclosed and used. 
  • The EU General Data Protection Regulation (GDPR) has strengthened citizens' rights to information and significantly increased the fines for violations.
  • In clinics and medical practices, data protection and medical confidentiality also apply internally: Employees are not allowed to access all patient data, but only the data they need for their tasks.