National Bank of Greece S.A – €120,000 Fine (Greece, 2025)

€120,000Hellenic Data Protection Authority10 January 2025Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The National Bank of Greece was fined €120,000 for making mistakes with money transfers and not responding properly to customer requests. This matters because it shows that banks must handle personal data carefully and respond to customer rights requests in a timely manner.

What happened

The National Bank of Greece mishandled money transfers and failed to respond adequately to customers' requests regarding their data.

Who was affected

Customers of the National Bank of Greece who experienced wrongful money transfers and had requests ignored.

What the authority found

The Greek DPA found that the bank violated GDPR by not ensuring correct data handling and not responding to customer rights requests.

Why this matters

This case highlights the need for financial institutions to improve their data handling practices and customer service regarding personal data.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)
Art. 5(1)(d) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1) d) GDPR
f) GDPR
Art. 15(GDPR)
Art. 25(1) GDPR
Art. 32(GDPR)
Art. 33(GDPR)
Art. 34(GDPR)

Original data from scraper before AI verification against source document.

Source verified 5 May 2026
verified correct
Greece enforcementHellenic Data Protection Authority actionsAll National Bank of Greece S.A actions
Full Legal Summary
Detailed

The Greek DPA has imposed a fine of EUR 120,000 on the National Bank of Greece S.A. The controller offered money transfers via the i-bank Pay/IRIS payment function. Due to technical errors, multiple cases of wrongful money transfers occurred because the controller failed to ensure that the correct phone numbers were linked to the correct profiles. The controller also failed to adequately respond to data subjects' requests to exercise their rights and failed to notify a personal data breach within the legal time period.

Related Enforcement Actions (0)

No other enforcement actions found for National Bank of Greece S.A in GR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 January 2025

Authority

Hellenic Data Protection Authority

Fine Amount

€120,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. National Bank of Greece S.A - Greece (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: