Portugal initiates fines under the GDPR in the EU. The data protection supervisory authority (Comissão Nacional de Proteção de Dados) issued a €400k fine against a hospital for three infringements of the GDPR. This article is the opportunity to analyse two elements:

• looking back at a few important decisions and ruling that we have seen since 25 May 2018; and
• understand what is the current situation with Swiss hospitals from a privacy perspective.