Unicredit Bank gets first GDPR-related fine issued in Romania

Paul Barbu 04/07/2019 | 15:54

Unicredit Bank is the recipient of the first fine related to GDPR in Romania, with a value of EUR 130,000, following an investigation into personal data use by the National Supervisory Authority. 

The sanction was applied to Unicredit Bank S.A. as a result of the failure to apply appropriate technical and organizational measures, both in the determination of the processing means and the processing operations themselves, to effectively implement data protection principles, such as minimizing data to a minimum and integrating the necessary safeguards in the processing, to meet the GDPR requirements and to protect the rights of the data subjects.

This led to documents containing the details of transactions, which are made available online to payment recipients, revealing the personal identification number and address of payers (for situations where the payer performs the transaction from an account opened with another credit institution – external transactions and cash deposits) and the payer’s address for situations where the payer made the transaction from an account opened with Unicredit Bank – internal transactions, for a number of 337,042 targeted persons, during the period May 25, 2018 – December 10, 2018.

 

 

Close ×

We use cookies for keeping our website reliable and secure, personalising content and ads, providing social media features and to analyse how our website is used.

Accept & continue