Banca Comercială Română SA – €2,000 Fine (Romania, 2022)

€2,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal19 September 2022Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Banca Comercială Română was fined EUR 2,000 after a data breach sent customer information to the wrong people. This breach shows the importance of strong security measures to protect personal data. Businesses should ensure their systems are secure to avoid similar mistakes.

What happened

Banca Comercială Română experienced a data breach where emails with customer data were sent to incorrect recipients.

Who was affected

The breach affected 564 customers whose personal and financial information was exposed.

What the authority found

The Romanian DPA found the bank failed to implement adequate security measures, violating GDPR's security requirements.

Why this matters

This case highlights the need for robust IT security to prevent data breaches. Companies should regularly review and update their security protocols to protect customer data.

GDPR Articles Cited

Art. 25(1) GDPR
Art. 32(1)(b) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Banca Comercială Română SA actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 2,000 on Banca Comercială Română SA. The bank had notified the DPA of a data breach pursuant to Art. 33 GDPR. Due to an error in the IT application of the controller, emails containing personal data of customers were sent to the wrong recipients. This data breach resulted in the unauthorized disclosure of and access to certain personal data such as first and last name, home address, phone number, email address, and financial information. The incident affected 564 individuals. The DPA found that the bank had failed to take appropriate technical and organizational measures to ensure a level of security commensurate with the processing risk.

Related Enforcement Actions (1)

Other enforcement actions involving Banca Comercială Română SA in RO

Fine
May 2020· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The data protection authority finds that the company has not taken adequate technical and organisational measures to ensure an adequate level of infor...

€5K
Current
Sept 2022

Fine

€2K

Details

Fine Date

19 September 2022

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€2,000

Enforcement Tracker ID

ETid-1403

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Banca Comercială Română SA - Romania (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: