UNICREDIT BANK SA – €130,000 Fine (Romania, 2019)

€130,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal27 June 2019Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Romania's data protection authority fined UniCredit Bank €130,000 for not protecting customer data properly. This led to the accidental online exposure of personal information like IDs and addresses. The case highlights the need for strong data security measures.

What happened

UniCredit Bank failed to implement adequate security measures, leading to the online exposure of customer IDs and addresses.

Who was affected

337,042 customers whose personal information was exposed online.

What the authority found

The authority fined UniCredit Bank for not having proper safeguards in place to protect personal data, violating GDPR requirements.

Why this matters

This fine emphasizes the importance of robust security measures to protect customer data. It serves as a reminder for companies to regularly assess and update their data protection strategies to comply with GDPR.

GDPR Articles Cited

AI-verified

Art. 25(1) GDPR
View original scraped data
Art. 25(1) GDPR
Art. 5(1)(c) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll UNICREDIT BANK SA actions
Full Legal Summary
Detailed

The fine was issued as a result of the failure to implement appropriate technical and organisational measures (related to (1) the determination of the processing means/operations, and (2) the integration the necessary safeguards) resulting in the online-disclosure of IDs and addresses (interla/external transactions) of 337,042 data subjects to their respective beneficiary (between 25.05.2018 -10.12.2018).

Related Enforcement Actions (0)

No other enforcement actions found for UNICREDIT BANK SA in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 June 2019

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€130,000

Enforcement Tracker ID

ETid-57

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. UNICREDIT BANK SA - Romania (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: