Piraeus Bank – €10,000 Fine (Greece, 2022)

€10,000 | Hellenic Data Protection Authority | 4 April 2022 | Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Piraeus Bank was fined EUR 10,000 for sending a customer's data to the wrong person due to an email error. The bank didn't stop the mistake or report it quickly, breaking confidentiality rules. This case shows the importance of promptly addressing data breaches.

What happened

Piraeus Bank mistakenly sent a customer's data to an incorrect email address and failed to stop the error.

Who was affected

A customer of Piraeus Bank whose personal data was mistakenly shared with a third party.

What the authority found

The Hellenic DPA found that the bank breached confidentiality rules by not stopping the erroneous data sharing and failing to report the breach promptly.

Why this matters

This case highlights the need for businesses to act quickly to correct data breaches and report them to authorities. It underscores the importance of maintaining confidentiality and protecting customer data.

GDPR Articles Cited

Art. 33 GDPR
Art. 34 GDPR
Art. 5(1)(f) GDPR

Full Legal Summary

The Hellenic DPA has imposed a fine of EUR 10,000 on Piraeus Bank. The bank had mistakenly sent a document containing the data subject's data to a third party. The error stemmed from an incorrect e-mail address provided by a co-owner of the account. Although the bank became aware of the error, it did not stop sending the communications to the third party, but instead instructed the data subject to exercise their right to correct the inaccurate data. As a result of its investigation, the DPA found that the bank had violated the principle of confidentiality by failing to stop sending the communications. The DPA also found that the bank had failed to report the data breach to the DPA and the data subject in a timely manner.

Details

Fine Date

4 April 2022

Authority

Hellenic Data Protection Authority

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1132

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Piraeus Bank - Greece (2022). Retrieved from cookiefines.eu
