Bank of Ireland 365: Insufficient technical and organisational measures to ensure information security

The Irish DPA has fined Bank of Ireland 365 EUR 750,000. The bank had notified the DPA of 10 data breaches linked to the bank's app. Unauthorized persons had managed to gain access to the app as well as to other individuals' accounts. The DPA determined that this data breach was facilitated due to the bank's failure to implement appropriate technical and organizational measures to protect personal data.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR
Industry: Finance, Insurance and Consulting