National Bank of Greece S.A – €120,000 Fine (Greece, 2025)

€120,000Hellenic Data Protection Authority10 January 2025Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Hellenic Data Protection Authority fined the National Bank of Greece €120,000 for making mistakes with money transfers and not responding to customer data requests. This is crucial because it shows that banks must protect customer data and respond to inquiries properly.

What happened

The National Bank of Greece made wrongful money transfers and failed to respond adequately to customer requests for their data.

Who was affected

Customers of the National Bank of Greece who were affected by incorrect money transfers and data requests.

What the authority found

The authority found that the bank violated several GDPR articles by mishandling personal data and not notifying breaches on time.

Why this matters

This ruling highlights the need for financial institutions to maintain strict data protection practices. Other companies should review their data handling and response protocols to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)
Art. 5(1)(d) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1) d) GDPR
f) GDPR
Art. 15(GDPR)
Art. 25(1) GDPR
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)

Original data from scraper before AI verification against source document.

Source verified 5 May 2026
verified correct
Greece enforcementHellenic Data Protection Authority actionsAll National Bank of Greece S.A actions
Full Legal Summary
Detailed

The Greek DPA has imposed a fine of EUR 120,000 on the National Bank of Greece S.A. The controller offered money transfers via the i-bank Pay/IRIS payment function. Due to technical errors, multiple cases of wrongful money transfers occurred because the controller failed to ensure that the correct phone numbers were linked to the correct profiles. The controller also failed to adequately respond to data subjects' requests to exercise their rights and failed to notify a personal data breach within the legal time period.

Related Enforcement Actions (0)

No other enforcement actions found for National Bank of Greece S.A in GR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 January 2025

Authority

Hellenic Data Protection Authority

Fine Amount

€120,000

Enforcement Tracker ID

ETid-1276

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. National Bank of Greece S.A - Greece (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: