ING Bank N.V. Amsterdam – Bucharest Branch – €1,000 Fine (Romania, 2021)

€1,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal25 January 2021Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ING Bank's Bucharest branch was fined EUR 1,000 for sending outdated personal data to a partner, affecting 270 people. This incident shows the importance of keeping personal data accurate and secure. Companies should regularly update their data handling procedures to prevent similar breaches.

What happened

ING Bank's Bucharest branch sent outdated personal data to a contractual partner, violating GDPR rules.

Who was affected

270 individuals whose outdated personal data was improperly shared by ING Bank.

What the authority found

The Romanian authority found that ING Bank failed to implement adequate measures to ensure data accuracy and confidentiality, leading to a GDPR violation.

Why this matters

This fine highlights the need for businesses to maintain accurate data and secure processing practices. Regular checks and updates to data handling procedures are crucial to comply with GDPR.

GDPR Articles Cited

Art. 29 GDPR
Art. 32(2) GDPR
Art. 32(4) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll ING Bank N.V. Amsterdam – Bucharest Branch actions
Full Legal Summary
Detailed

A controller's contractual partner received from a controller's processor, on two different dates, files containing outdated information in order to issue insurance policies. As result, 270 individuals were affected. Does processing personal data by violating the working procedure leads to a violation of the GDPR? The ANSPDCP found that the controller sent (through its processor) to a contractual partner, files containing outdated information. The data were outdated because the employees of the insurance policy monitoring department did not check and process the insurance policies in accordance with the working procedure. A number of 270 data subjects were affected because the technical and organizational measures implemented by the controller before the incident were not sufficient and led to the violation of the confidentiality of personal data.

Related Enforcement Actions (1)

Other enforcement actions involving ING Bank N.V. Amsterdam – Bucharest Branch in RO

Fine
Dec 2020· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) conducted an investigation into ING Bank N.V. Amsterdam – Bucharest Branch and found that, due to a system error, the reque...

€3K
Current
Jan 2021

Fine

€1K

Details

Fine Date

25 January 2021

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€1,000

GDPRhub ID

gdprhub-3139

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ING Bank N.V. Amsterdam – Bucharest Branch - Romania (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: