Bank – €380 Fine (Bulgaria, 2021)

€380

Commission for Personal Data Protection

26 October 2021

Bulgaria

final

Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Bulgarian bank was fined EUR 380 for improperly sharing personal data with third parties. This case is important because it shows that even small violations can lead to penalties. Businesses should be careful about how they handle customer data.

What happened

The bank unlawfully transferred personal data to third parties.

Who was affected

Customers whose personal data was shared without proper authorization.

What the authority found

The data protection authority found that the bank violated GDPR by transferring personal data without a legal basis.

Why this matters

This fine serves as a reminder for businesses to follow data protection rules strictly to avoid financial penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(b) GDPR

View original scraped data

Art. 5(1) b) GDPR

Original data from scraper before AI verification against source document.

Source verified 17 March 2026

verified correct

Bulgaria enforcement Commission for Personal Data Protection actions All Bank actions

Full Legal Summary

Detailed

The Bulgarian DPA has fined a bank EUR 380 for the unlawful transfer of personal data to third parties.

Show full summary

Related Enforcement Actions (2)

Other enforcement actions involving Bank in BG

Fine

Dec 2018· Commission for Personal Data Protection

A fine of 1000 BGN (or roughly 500 EUR) was imposed on a bank for calling a client for the unresolved bills of his neighbor. This provoked the client ...

€500

Fine

Jan 2019· Commission for Personal Data Protection

A bank gained personal data concernign a student wihtout a legal basis.

€500

Current

Oct 2021

Fine

€380