ALFA BANK S.A. – €20,000 Fine (Greece, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
ALFA BANK faced a EUR 20,000 fine from the Hellenic Data Protection Authority for not telling customers that their last 10 card transactions were stored on the card chip. This lack of transparency violated GDPR rules. Banks need to be upfront about data storage practices to maintain customer trust.
What happened
ALFA BANK stored the last 10 card transactions on the card chip without notifying customers.
Who was affected
Customers using debit or credit cards issued by ALFA BANK.
What the authority found
The Hellenic DPA determined that ALFA BANK breached GDPR by failing to inform customers about transaction data storage on card chips.
Why this matters
This decision underscores the need for banks to be transparent about data handling. It serves as a reminder for financial institutions to review their data communication strategies to ensure compliance with GDPR.
GDPR Articles Cited
The Hellenic DPA has imposed a fine of EUR 20,000 on ALFA BANK S.A.. In the context of the use of certain debit/credit cards, information of the last 10 transactions were stored on the chip of the card without the customers' explicit consent. This information could be read out later. The DPA found that the bank had failed to inform affected customers about this storage of transaction information and therefore violated Art. 13 GDPR.
Related Enforcement Actions (0)
No other enforcement actions found for ALFA BANK S.A. in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
3 October 2022
Authority
Hellenic Data Protection Authority
Fine Amount
€20,000
Enforcement Tracker ID
ETid-1455
About this data
Cite as: Cookie Fines. ALFA BANK S.A. - Greece (2022). Retrieved from cookiefines.eu
Last updated: