SC Raiffeisen Bank SA: Non-compliance with general data processing principles

The Romanian DPA has imposed a fine of EUR 2,000 on SC Raiffeisen Bank SA. An individual had filed a complaint with the DPA for receiving text messages about money transfers to certain persons that they had not effected. During its investigation, the DPA found that the bank had accidentally used the telephone number of the data subject for transaction purposes in 44 cases. The data subject was not a customer of the bank and had not requested the transactions.

GDPR Articles: Art. 5 (1) d) GDPR
Industry: Finance, Insurance and Consulting