Unicredit Bank gets first GDPR-related fine issued in Romania

Unicredit Bank is the recipient of the first fine related to GDPR in Romania, with a value of EUR 130,000, following an investigation into personal data use by the National Supervisory Authority. 

The sanction was applied to Unicredit Bank S.A. as a result of the failure to apply appropriate technical and organizational measures, both in the determination of the processing means and the processing operations themselves, to effectively implement data protection principles, such as minimizing data to a minimum and integrating the necessary safeguards in the processing, to meet the GDPR requirements and to protect the rights of the data subjects.

This led to documents containing the details of transactions, which are made available online to payment recipients, revealing the personal identification number and address of payers (for situations where the payer performs the transaction from an account opened with another credit institution – external transactions and cash deposits) and the payer’s address for situations where the payer made the transaction from an account opened with Unicredit Bank – internal transactions, for a number of 337,042 targeted persons, during the period May 25, 2018 – December 10, 2018. Also, Unicredit Bank was caught in transactions unauthorized by customers in favor of a popular online friv games site (data use by the National Supervisory Authority indicated that the bank’s customers allegedly bought access to paid games on the site).

Read more about

Alexandrion Group is looking for a suitable location in Japan to build a distillery that will produce Japanese single malt whisky

read more