Piraeus Bank: Non-compliance with general data processing principles

The Hellenic DPA has imposed a fine of EUR 30,000 on Piraeus Bank. A customer had filed a complaint with the DPA because the bank had disclosed transaction and account balance information from two bank accounts of which they were joint owners to the heirs of the other owner in the course of legal proceedings. The DPA determined, that the disclosure of the joint account information was unlawful. In addition, the bank failed to report the incident to the DPA and the data subject in a timely manner.

GDPR Articles: Art. 5 (1) a), f) GDPR, Art. 33 GDPR, Art. 34 GDPR
Industry: Finance, Insurance and Consulting