Intesa Sanpaolo Vita S.p.a. – €20,000 Fine (Italy, 2022)

€20,000Garante per la protezione dei dati personali7 July 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined Intesa Sanpaolo Vita EUR 20,000 for sharing a customer's personal data without permission. This happened because an employee mistakenly disclosed information about a life insurance policy. The case highlights the importance of safeguarding customer data to prevent unauthorized access.

What happened

Intesa Sanpaolo Vita shared a customer's personal data with third parties without authorization due to an employee's mistake.

Who was affected

A customer who had taken out a life insurance policy with Intesa Sanpaolo Vita.

What the authority found

The Italian authority found that Intesa Sanpaolo Vita unlawfully disclosed personal data, violating GDPR's principles of fairness and confidentiality.

Why this matters

This case underscores the need for companies to ensure their employees handle personal data carefully to avoid unauthorized disclosures. Businesses should implement robust data protection measures to comply with GDPR.

GDPR Articles Cited

Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Intesa Sanpaolo Vita S.p.a. actions
Full Legal Summary
Detailed

The Italian DPA has fined Intesa Sanpaolo Vita S.p.a. EUR 20,000. The data subject, who had taken out a life insurance policy with the controller, had filed a complaint with the DPA against the controller for the unauthorized disclosure of their personal data. In the course of its investigation, the DPA found that the controller had disclosed personal data, such as first name, last name and information about the policy, to third parties without authorization. The unauthorized disclosure had occurred due to an employee's error.

Related Enforcement Actions (0)

No other enforcement actions found for Intesa Sanpaolo Vita S.p.a. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

7 July 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€20,000

Enforcement Tracker ID

ETid-1445

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Intesa Sanpaolo Vita S.p.a. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: