Thursday, July 4, 2019 - Unicredit Bank gets first GDPR-related fine issued in Romania

UniCredit
Source - http://business-review.eu/business/legal/first-fine-on-gdpr-202887
Where - Romania
Cost - 130,000 EUR
Business line - Payments and Settlement

Unicredit Bank is the recipient of the first fine related to GDPR in Romania, with a value of EUR 130,000, following an investigation into personal data use by the National Supervisory Authority.

The sanction was applied to Unicredit Bank S.A. as a result of the failure to apply appropriate technical and organizational measures, both in the determination of the processing means and the processing operations themselves, to effectively implement data protection principles, such as minimizing data to a minimum and integrating the necessary safeguards in the processing, to meet the GDPR requirements and to protect the rights of the data subjects.

This led to documents containing the details of transactions, which are made available online to payment recipients, revealing the personal identification number and address of payers (for situations where the payer performs the transaction from an account opened with another credit institution – external transactions and cash deposits) and the payer’s address for situations where the payer made the transaction from an account opened with Unicredit Bank – internal transactions, for a number of 337,042 targeted persons, during the period May 25, 2018 – December 10, 2018.