Bank of Ireland – €463,000 Fine (Ireland, 2022)

€463,000Data Protection Commission5 April 2022Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Bank of Ireland was fined €463,000 for failing to report personal data breaches properly. Between November 2018 and June 2019, the bank submitted multiple breach notifications that revealed unauthorized disclosures of customer data. This case underscores the necessity of timely and accurate reporting of data breaches.

What happened

Bank of Ireland failed to report 19 personal data breaches to the Data Protection Commission in a timely manner.

Who was affected

Customers of Bank of Ireland whose personal data was disclosed or altered without authorization.

What the authority found

The Data Protection Commission found that Bank of Ireland violated GDPR by not reporting breaches promptly and accurately.

Why this matters

This case serves as a reminder for all businesses to have clear procedures for reporting data breaches. Timely reporting is crucial to protect users and comply with privacy laws.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)
View original scraped data
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
articles corrected
Ireland enforcementData Protection Commission actionsAll Bank of Ireland actions
Full Legal Summary
Detailed

The Irish DPA has fined the Bank of Ireland EUR 463,000. The bank had reported 22 data breaches to the DPA under Article 33 GDPR. As part of its investigation, the DPA found that the bank had provided false information to the Central Credit Register due to a mix-up of bank customers' account data. This error had the potential to have a negative impact on the creditworthiness of the data subjects. The DPA found that the personal data breach had occurred due to inadequate technical and organizational measures on the part of the bank. In addition, the bank did not immediately inform the data subjects and the DPA about the data breach.

Related Enforcement Actions (2)

Other enforcement actions involving Bank of Ireland in IE

Fine
Mar 2022· Data Protection Commission

The controller is Bank of Ireland (BOI). Between 9 November 2018 to 27 June 2019, the controller submitted 22 breach notifications to the Irish Data P...

€463K
Current
Apr 2022

Fine

€463K

Fine
Feb 2023· Data Protection Commission

This case concerns the Bank of Ireland (BOI) (the controller) and a data breach on the “BOI365” online banking platform. Between 30 January 2020 and 6...

€750K

Details

Fine Date

5 April 2022

Authority

Data Protection Commission

Fine Amount

€463,000

Enforcement Tracker ID

ETid-1115

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bank of Ireland - Ireland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: