ING Bank NV Amsterdam – Sucursala București S.A. – €4,000 Fine (Romania, 2026)

€4,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal23 March 2026Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ING Bank NV Amsterdam – Sucursala București S.A. was fined for not securing customer data properly, which led to sensitive information being given to an unauthorized person. This is significant because it shows that banks must take strong measures to protect customer information.

What happened

ING Bank NV Amsterdam – Sucursala București S.A. failed to implement adequate security measures, resulting in an employee sharing bank statements with an unauthorized third party.

Who was affected

Customers of ING Bank whose bank statements were improperly shared were affected.

What the authority found

The Romanian DPA found that the bank did not have sufficient technical and organizational measures in place to protect personal data, violating GDPR's security requirements.

Why this matters

This ruling highlights the critical need for financial institutions to prioritize data security and ensure that they have robust measures in place to protect customer information.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR
Art. 32(4) GDPR
View original scraped data
Art. 32(1) b) GDPR
d)
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 April 2026
articles corrected
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll ING Bank NV Amsterdam – Sucursala București S.A. actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 4,000 on ING Bank NV Amsterdam – Sucursala București S.A. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in an employee handing bank account statements to an unauthorised third party.

Related Enforcement Actions (0)

No other enforcement actions found for ING Bank NV Amsterdam – Sucursala București S.A. in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

23 March 2026

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€4,000

Enforcement Tracker ID

ETid-3070

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ING Bank NV Amsterdam – Sucursala București S.A. - Romania (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: