Greece

National Bank of Greece S.A

120,000 €

GDPR enforcement action by Hellenic Data Protection Authority (HDPA) on 2025-01-10.

Rank · Sector: #82 of 321 in Finance, Insurance and Consulting
Rank · Greece: #14 of 93
Rank · All fines: #440 of 3,039

Case details

Authority: Hellenic Data Protection Authority (HDPA)
Date: 2025-01-10
Controller / Processor: National Bank of Greece S.A
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) d), f) GDPR, Art. 15 GDPR, Art. 25 (1) GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 34 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Greek DPA has imposed a fine of EUR 120,000 on the National Bank of Greece S.A. The controller offered money transfers via the i-bank Pay/IRIS payment function. Due to technical errors, multiple cases of wrongful money transfers occurred because the controller failed to ensure that the correct phone numbers were linked to the correct profiles. The controller also failed to adequately respond to data subjects' requests to exercise their rights and failed to notify a personal data breach within the legal time period.
