NTT Data Italia S.P.A – €800,000 Fine (Italy, 2024)

€800,000Garante per la protezione dei dati personali8 February 2024Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

NTT Data Italia S.P.A was fined for not notifying UniCredit about a data breach in time, which is crucial for protecting personal information. This case matters because it shows that companies must communicate quickly about data breaches to safeguard users. Other businesses should ensure they have strong communication protocols in place for data security.

What happened

NTT Data failed to inform UniCredit about a data breach in a timely manner.

Who was affected

UniCredit, the bank that contracted NTT Data for security services.

What the authority found

The Garante determined that NTT Data did not meet its obligations to notify UniCredit of a data breach as required under GDPR.

Why this matters

This case underscores the importance of timely communication in data breach situations. Companies must have clear procedures to report breaches to protect user data and avoid significant fines.

GDPR Articles Cited

AI-verified

Art. 28(2) GDPR
Art. 33(2) GDPR
View original scraped data
Art. 28(2) GDPR
Art. 33(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll NTT Data Italia S.P.A actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 800,000 on NTT Data Italia S.P.A. The fine is related to the fine imposed on UniCredit (ETid-2227). UniCredit had contracted NTT to carry out vulnerability analyses and penetration tests. During its investigation, the DPA found that NTT had not notified UniCredit of a data breach in a timely manner. In addition, NTT had contracted another company to carry out vulnerability assessments and penetration tests without prior authorization from the bank as the data controller.

Related Enforcement Actions (0)

No other enforcement actions found for NTT Data Italia S.P.A in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

8 February 2024

Authority

Garante per la protezione dei dati personali

Fine Amount

€800,000

Enforcement Tracker ID

ETid-2242

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. NTT Data Italia S.P.A - Italy (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: