Romania
UNICREDIT BANK SA
130,000 €
GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2019-06-27.
Rank · Sector
#77
of 322 in Finance, Insurance and Consulting
Rank · Romania
#1
of 283
Rank · All fines
#426
of 3,050
Case details
- Authority
- Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
- Date
- 2019-06-27
- Controller / Processor
- UNICREDIT BANK SA
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 25 (1) GDPR, Art. 5 (1) c) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The fine was issued as a result of the failure to implement appropriate technical and organisational measures (related to (1) the determination of the processing means/operations, and (2) the integration the necessary safeguards) resulting in the online-disclosure of IDs and addresses (interla/external transactions) of 337,042 data subjects to their respective beneficiary (between 25.05.2018 -10.12.2018).
Open original source
Links to the regulator's original publication or another source.
Related fines
Romania
2026-03-25
125,000 €
ETid-3071
RENAULT COMMERCIAL ROUMANIE S.R.L.
Industry and Commerce
Romania
2023-11-13
110,000 €
ETid-2112
Rompetrol Downstream SRL
Transportation and Energy
Romania
2020-12-17
100,000 €
ETid-489
Banca Transilvania SA
Finance, Insurance and Consulting
Romania
2023-08-21
70,000 €
ETid-2013
Uipath SRL
Industry and Commerce
Romania
2023-06-20
40,000 €
ETid-2135
Dante International SA
Industry and Commerce
Romania
2025-01-27
40,000 €
ETid-2686
Orange Romania SA
Media, Telecoms and Broadcasting