Intesa Sanpaolo SpA – €100,000 Fine (Italy, 2022)
Intesa Sanpaolo SpA, an Italian bank, was fined EUR 100,000 for sharing a customer's account data with her father without her consent. The bank mistakenly believed the father was still authorized to access the data. This case emphasizes the need for businesses to verify data access permissions regularly.
What happened
Intesa Sanpaolo SpA disclosed a customer's account data to her father without a valid legal basis.
Who was affected
A bank customer whose account information was shared with her father without her consent.
What the authority found
The authority ruled that the bank unlawfully processed personal data by sharing it without a valid legal basis, rejecting the bank's good faith defense.
Why this matters
This case serves as a warning for companies to regularly review and update access permissions to ensure compliance with privacy laws. It also illustrates that good faith is not a valid defense for avoidable mistakes in data handling.
GDPR Articles Cited
The case involved unlawful processing of personal data by disclosing account information to an unauthorized third party.
Details
Fine Date
26 May 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€100,000
GDPRhub ID
gdprhub-5060
Cite as: Cookie Fines. Intesa Sanpaolo SpA - Italy (2022). Retrieved from cookiefines.eu