For a current occasion I have to step on the feet of the Gozo General Hospital operated by a Private Company named Steward Health Care. There it is still practiced that people who have an A in their ID have to show a payslip. There have been petitions about this[1], but it takes a long time.
However, as a data protectionist, I noticed that the people concerned do not get any information about this,
what the information is used for,
what information is being collected,
why there is selective unequal treatment in data collection,
how, where and for how long the data is stored,
and most importantly, why data is being collected that has no relation to the Maltese government's cost recovery.
People with an A in their ID have to provide the proof EVERY month.
I clearly see a violation of basic laws regarding data protection.
If the Maltese government has given a mandate to check the rightful use of the social system, there must be documents and a process to protect the data.
Who would have thought that the GDPR could bring down the system. Because I plan to carry that thing all the way to Brussels if the Maltese office doesn't make an effort out of oportunity. And GDPR violations are known to carry heavy penalties, especially for private companies like Steward Health Care.
I have sent a mail to the hospital.
Dear Sir or Madam
As a blogger and person that has knowledge about GDPR, I have observed that data is collected from payslips
and requested either as a written piece or as an email.
There are already activities in the EU that show that this behavior is illegal.
However, as a former victim of this process, I have noticed that the persons concerned do not receive any
information about
- what the information is used for,
- which information is being used for,
- what information is being collected,
- why selective unequal treatment in data collection is taking place,
- how, where and for how long the data is stored,
and most importantly, why data is being collected that has no relation to the Maltese government's cost recovery.
People with an A in their ID have to provide the proof EVERY month.
I clearly see a violation of basic laws regarding data protection / GDPR.
If the Maltese government has given a mandate to check the rightful use of the social system, there must be
documents and a process to protect the data.
I ask myself, since I personally already had to send data, a comprehensive information.
Since I personally have to claim my right to data protection and no comprehensive data protection declaration
was available BEFORE the data was sent, I have begun to file a corresponding complaint with the government agency.
I would like to point out that a violation of GDPR causes high costs, as your offense has been proven
to continue even after the enactment of 2018 with intent to enrich yourself. I is easier to pick up Money because
the chances of claiming back these are lower. Also It might be a chance that there will picked Money by the
Patient and the GOV as well.
This writing has been made available to the public at https://dockerr.me. I will file your response there also.
Yours sincerely,