National Bank of Greece – €20,000 Fine (Greece, 2021)

€20,000Hellenic Data Protection Authority26 August 2021Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The National Bank of Greece was fined for replacing customers' debit and credit cards without their consent. This matters because it shows that companies must inform users about how their data is collected and used. Businesses should ensure they get clear consent before implementing new features that affect user data.

What happened

The National Bank of Greece replaced customers' cards with new ones that tracked transaction history without consent.

Who was affected

Customers of the National Bank of Greece who received new cards with tracking features.

What the authority found

The authority found that the bank did not properly inform customers about the data collection, violating GDPR rules.

Why this matters

This case emphasizes the need for clear communication about data practices. Companies should prioritize user consent and transparency in their operations.

GDPR Articles Cited

AI-verified

Art. 12(1) GDPR
Art. 15(1) GDPR
View original scraped data
Art. 12(1) GDPR
(2)
(3) GDPR
Art. 15(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
articles corrected
Greece enforcementHellenic Data Protection Authority actionsAll National Bank of Greece actions
Full Legal Summary
Detailed

The Hellenic DPA has imposed a fine of EUR 20,000 on the National Bank of Greece. A data subject had filed a complaint against a company and the bank after they failed to comply with his right to information. After returning a product he had purchased from a company, the data subject had asked the company via Facebook Messenger to inform him about the request to cancel his credit card statements sent electronically to the bank. However, the controller refused to comply, whereupon the data subject asserted the same right with the bank, which, however, did not provide him with a response.

Related Enforcement Actions (2)

Other enforcement actions involving National Bank of Greece in GR

Current
Aug 2021

Fine

€20K

Fine
Jul 2022· Hellenic Data Protection Authority

The National Bank of Greece (the controller) replaced all debit/credit cards of its customers (data subjects) with new ones which could carry out cont...

€20K
Fine
Jan 2025· Hellenic Data Protection Authority

The DPA received numerous complaints against the Greek National Bank (the controller) concerning the violation of the right of access of data subjects...

€200K

Details

Fine Date

26 August 2021

Authority

Hellenic Data Protection Authority

Fine Amount

€20,000

Enforcement Tracker ID

ETid-841

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. National Bank of Greece - Greece (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: