Piraeus Bank – €30,000 Fine (Greece, 2023)

€30,000Hellenic Data Protection Authority2 February 2023Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Piraeus Bank was fined EUR 30,000 for sharing a customer's bank account details with heirs without proper consent. The bank also failed to report this incident to the data protection authority and the affected customer in a timely manner. This case highlights the importance of handling personal data carefully and promptly reporting breaches.

What happened

Piraeus Bank disclosed joint account information to heirs without proper authorization.

Who was affected

Customers who were joint owners of bank accounts at Piraeus Bank.

What the authority found

The Hellenic Data Protection Authority found that Piraeus Bank unlawfully disclosed personal data and failed to report the breach in a timely manner.

Why this matters

This case underscores the need for banks and businesses to ensure they have a valid reason for sharing personal data and to report breaches quickly. It serves as a reminder to review data handling and breach notification processes.

GDPR Articles Cited

Art. 33 GDPR
Art. 34 GDPR
Art. 5(1)(a) GDPR
Greece enforcementHellenic Data Protection Authority actionsAll Piraeus Bank actions
Full Legal Summary
Detailed

The Hellenic DPA has imposed a fine of EUR 30,000 on Piraeus Bank. A customer had filed a complaint with the DPA because the bank had disclosed transaction and account balance information from two bank accounts of which they were joint owners to the heirs of the other owner in the course of legal proceedings. The DPA determined, that the disclosure of the joint account information was unlawful. In addition, the bank failed to report the incident to the DPA and the data subject in a timely manner.

Related Enforcement Actions (2)

Other enforcement actions involving Piraeus Bank in GR

Fine
Apr 2022· Hellenic Data Protection Authority

The Hellenic DPA has imposed a fine of EUR 10,000 on Piraeus Bank. The bank had mistakenly sent a document containing data of the data subject to a th...

€10K
Current
Feb 2023

Fine

€30K

Fine
Jun 2023· Hellenic Data Protection Authority

The Hellenic DPA has imposed a fine of EUR 210,000 on Piraeus Bank. During its investigation, the DPA found that the bank had processed personal data ...

€210K

Details

Fine Date

2 February 2023

Authority

Hellenic Data Protection Authority

Fine Amount

€30,000

Enforcement Tracker ID

ETid-1766

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Piraeus Bank - Greece (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: