Romania
ING Bank N.V.
0 €
GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2019-11-28.
Case details
- Authority
- Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
- Date
- 2019-11-28
- Controller / Processor
- ING Bank N.V.
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
Original Fine Summary: ING Bank has not taken appropriate technical and organisational measures for an automated data processing system during the settlement process of card transactions affecting 225,525 customers, resulting in double transactions being executed between 8 and 10 October. Update: The Bucharest Court of Appeal overturned the fine of EUR 80,000.
Open original source
Links to the regulator's original publication or another source.
Related fines
Romania
2019-06-27
130,000 €
ETid-57
UNICREDIT BANK SA
Finance, Insurance and Consulting
Romania
2026-03-25
125,000 €
ETid-3071
RENAULT COMMERCIAL ROUMANIE S.R.L.
Industry and Commerce
Romania
2023-11-13
110,000 €
ETid-2112
Rompetrol Downstream SRL
Transportation and Energy
Romania
2020-12-17
100,000 €
ETid-489
Banca Transilvania SA
Finance, Insurance and Consulting
Romania
2023-08-21
70,000 €
ETid-2013
Uipath SRL
Industry and Commerce
Romania
2023-06-20
40,000 €
ETid-2135
Dante International SA
Industry and Commerce