Banca popolari di Bari S.p.a. – €10,000 Fine (Italy, 2024)
Banca popolari di Bari S.p.a. was fined €10,000 for not responding properly to a request for information from a deceased person's heir. This is important because it shows banks must be transparent and responsive when handling requests about deceased individuals' accounts. It reminds financial institutions to prioritize customer requests, even after death.
What happened
Banca popolari di Bari S.p.a. failed to provide timely access to account information requested by the heir of a deceased customer.
Who was affected
The heir of a deceased customer who sought information about their father's bank accounts was affected.
What the authority found
The Italian data protection authority found that the bank violated GDPR by not responding adequately to the heir's requests for information.
Why this matters
This ruling highlights the obligation of banks to handle requests from heirs promptly and transparently. It serves as a reminder for all financial institutions to improve their processes for managing such requests.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 31 July 2023 a data subject complained to the DPA against a bank - Banca popolari di Bari S.p.a. (‘controller’). The data subject made an access request as an heir to her deceased father. The request was based on Article 15 GDPR and [https://www.garanteprivacy.it/codice Article 2-terdecies of the Italian Data Protection Code] which makes a special reference to heirs who are beneficiaries of life insurance policies. The data subject claimed that despite repeated requests, the bank initially stated there were no accounts in her father's name. Later, the bank acknowledged their existence but failed to provide the requested information. After the Authority intervened, the bank partially responded, offering access to account statements for the last ten years but requiring a formal request under [https://www.bancaditalia.it/compiti/vigilanza/intermediari/Testo-Unico-Bancario.pdf Article 119 of Consolidated Bank Act no. 385/1993]. The complainant remained dissatisfied and insisted on the access to all data related to her father. Following this, the bank finally provided account statements of the deceased person. Nevertheless, the DPA initiated proceedings against the bank for violations of Articles 12(3), 12(4) and 12(5) GDPR related to the action taken on the request of the data subject. In the defense briefs, the bank explained that the failure to timely reply to the initial request of the data subject and to the subsequent reminders was caused by a series of operational misunderstandings. In particular, the data subject mistakenly directed their request to a different e-mail address rather than the one designated for the Data Protection Officer. Moreover, the bank initially believed that no accounts were held in the name of the deceased and subsequently, the organizational unit of the bank misclassified the request. All of this led to the failure to promptly handle the request within the prescribed timeframes. The bank promptly took steps to address the situation
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Banca popolari di Bari S.p.a. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
7 March 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€10,000
GDPRhub ID
gdprhub-7860About this data
Cite as: Cookie Fines. Banca popolari di Bari S.p.a. - Italy (2024). Retrieved from cookiefines.eu
Last updated: