Skip to content
Enforcement
EN

UNICREDIT BANK SA: Insufficient technical and organisational measures to ensure information security

€130,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

€130,000 Fine
UNICREDIT BANK SA
ROMANIA
Insufficient technical and organisational measures to ensure information security

Content

The fine was issued as a result of the failure to implement appropriate technical and organisational measures (related to (1) the determination of the processing means/operations, and (2) the integration the necessary safeguards) resulting in the online-disclosure of IDs and addresses (interla/external transactions) of 337,042 data subjects to their respective beneficiary (between 25.05.2018 -10.12.2018).

GDPR Articles: Art. 25 (1) GDPR, Art. 5 (1) c) GDPR
Industry: Finance, Insurance and Consulting