ING Bank N.V. Amsterdam - Bucharest office – €3,000 Fine (Romania, 2020)

€3,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal30 December 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ING Bank's Bucharest office was fined EUR 3,000 for contacting a former customer without consent. The bank emailed the customer to update their data even though the account had been closed. This case shows that businesses must ensure they have a valid reason to process personal data, especially after a contract ends.

What happened

ING Bank contacted a former customer via email to update data despite the account being closed.

Who was affected

A former customer of ING Bank whose personal data was processed without consent after account closure.

What the authority found

The Romanian data protection authority fined ING Bank for unlawfully processing personal data without consent after the contractual relationship ended.

Why this matters

This ruling highlights the importance of having a valid legal basis for processing personal data, particularly after a contract has ended. Companies should review their data handling practices to avoid processing data without consent.

GDPR Articles Cited

Art. 5(1)(a) - d) GDPR
Art. 6(1) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll ING Bank N.V. Amsterdam - Bucharest office actions
Full Legal Summary
Detailed

The Romanian DPA (ANSPDCP) fined ING Bank N.V. Amsterdam - Bucharest office in the amount of EUR 3,000. The bank had contacted the data subject by e-mail for the purpose of updating his data. At that time, however, the data subject had already terminated his account with the bank, so that the contractual relationship had been terminated. As a result, the data controller had unlawfully processed personal data of the former customer without his consent such as the e-mail address and the name and of the data subject.

Related Enforcement Actions (1)

Other enforcement actions involving ING Bank N.V. Amsterdam - Bucharest office in RO

Current
Dec 2020

Fine

€3K

Fine
Feb 2021· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) imposed a fine of EUR 1,000 on ING Bank N.V. Amsterdam - Bucharest Branch. It was found that the controller had sent files ...

€1K

Details

Fine Date

30 December 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€3,000

Enforcement Tracker ID

ETid-505

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ING Bank N.V. Amsterdam - Bucharest office - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: