Banca Comercială Română S.A.: Insufficient legal basis for data processing

The Romanian DPA (ANSPDCP) has fined Banca Comercială Română S.A. EUR 2,000. A data subject had initiated a complaint with the DPA because the controller had used his personal data in the context of an enforcement procedure for debts arising from a credit agreement of which he was unaware.

GDPR Articles: Art. 5 (1) a), d), (2) GDPR, Art. 6 GDPR
Industry: Finance, Insurance and Consulting