Bank (name not available at the moment) – Order (Croatia, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Croatian bank refused to give customers copies of their loan documents, claiming they weren't covered by access rights. The privacy authority ordered the bank to comply and provide the documents, highlighting the importance of customer rights under GDPR. This case shows businesses must respect customer access rights to personal data.
What happened
The bank refused to provide customers with copies of their loan documents, claiming they were not subject to access rights.
Who was affected
Customers of the bank who requested access to their loan documentation.
What the authority found
The privacy authority ordered the bank to provide the requested loan documents, emphasizing the customers' right to access their personal data under GDPR.
Why this matters
This case highlights the importance of respecting customer rights to access their personal data. Businesses should ensure they comply with GDPR access rights to avoid penalties and maintain customer trust.
GDPR Articles Cited
In the period from May 2018 to April 2019, the bank (name not available at the moment) refused to provide its customers with copies of credit documentation (e.g. repayment plan, loan agreement annex, interest rates changes review etc.). The bank insisted with the argument that the documentation is related to repaid loans and represents loan documentation that cannot be subject to the customers’ right of access. During the procedure initiated based on data subject’s complaints, the DPA ordered the bank to enable the right of access and provide copies of the requested loan documentation. When imposing the fine, the DPA took into consideration especially that the bank failed to comply with the ordered measures, that it continued with such practice for almost a year and denied the right of access to more than 2500 of its customers. The amount of the fine is now known at the moment, but as the DPA qualified the breach as “severe”, a high fine is expected.
Outcome
Order
A binding order requiring the controller to take specific action.
Related Enforcement Actions (0)
No other enforcement actions found for Bank (name not available at the moment) in HR
This is the only recorded action for this entity in this jurisdiction.
Details
Order Date
13 March 2020
Authority
Agencija za zaštitu osobnih podataka
Enforcement Tracker ID
ETid-239
About this data
Cite as: Cookie Fines. Bank (name not available at the moment) - Croatia (2020). Retrieved from cookiefines.eu
Last updated: