Enforcement
EN UNICREDIT BANK SA: Insufficient technical and organisational measures to ensure information security
€130,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The fine was issued as a result of the failure to implement appropriate technical and organisational measures (related to (1) the determination of the processing means/operations, and (2) the integration the necessary safeguards) resulting in the online-disclosure of IDs and addresses (interla/external transactions) of 337,042 data subjects to their respective beneficiary (between 25.05.2018 -10.12.2018).
GDPR Articles: Art. 25 (1) GDPR, Art. 5 (1) c) GDPR
Industry: Finance, Insurance and Consulting