Piraeus Bank – €210,000 Fine (Greece, 2023)

€210,000Hellenic Data Protection Authority12 June 2023Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Greece fined Piraeus Bank EUR 210,000 for mishandling customer data. The bank processed personal data without proper legal grounds and didn't respond correctly to a customer's data access request. This case emphasizes the need for banks to follow strict data protection rules.

What happened

Piraeus Bank processed customer data unlawfully and failed to properly handle a data access request.

Who was affected

Customers of Piraeus Bank whose personal data was processed without proper legal basis.

What the authority found

The Hellenic Data Protection Authority found the bank violated GDPR by processing data unlawfully and not complying with a data access request.

Why this matters

This ruling underscores the need for banks to ensure they have a legal basis for data processing and to handle data access requests properly. It serves as a reminder of the importance of data protection compliance.

GDPR Articles Cited

AI-verified

Art. 15 GDPR
Art. 5(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 6 GDPR
Art. 15(1) GDPR
Art. 25(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
Greece enforcementHellenic Data Protection Authority actionsAll Piraeus Bank actions
Full Legal Summary
Detailed

The Hellenic DPA has imposed a fine of EUR 210,000 on Piraeus Bank. During its investigation, the DPA found that the bank had processed personal data of customers in violation of the principle of lawfulness. In addition, the DPA found that the bank had processed personal data without taking appropriate and effective technical and organizational measures to process only the data necessary for the specific purpose. Finally, the DPA found that the bank had failed to properly comply with a data subject's request for access to their personal data.

Related Enforcement Actions (2)

Other enforcement actions involving Piraeus Bank in GR

Fine
Apr 2022· Hellenic Data Protection Authority

The Hellenic DPA has imposed a fine of EUR 10,000 on Piraeus Bank. The bank had mistakenly sent a document containing data of the data subject to a th...

€10K
Fine
Feb 2023· Hellenic Data Protection Authority

The Hellenic DPA has imposed a fine of EUR 30,000 on Piraeus Bank. A customer had filed a complaint with the DPA because the bank had disclosed transa...

€30K
Current
Jun 2023

Fine

€210K

Details

Fine Date

12 June 2023

Authority

Hellenic Data Protection Authority

Fine Amount

€210,000

Enforcement Tracker ID

ETid-1921

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Piraeus Bank - Greece (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: