Enforcement
EN Unicredit Bank SA: Insufficient technical and organisational measures to ensure information security
€12,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) fined Unicredit Bank SA €12,000 on 2026-05-29 for: Insufficient technical and organisational measures to ensure information security.
GDPR Articles: Art. 32 (1) b), (2), (4) GDPR, Art. 33 (1) GDPR
Sector: Finance, Insurance and Consulting
Country: Romania
Source: https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_29_05_2026