DSK Bank – €511,000 Fine (Bulgaria, 2019)

€511,000Commission for Personal Data Protection28 August 2019Bulgaria
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

DSK Bank was fined over half a million euros for not protecting customer data properly. More than 23,000 credit records were exposed, including sensitive information like ID numbers and biometric data. This case highlights the importance of strong security measures to protect personal data.

What happened

DSK Bank failed to secure customer data, leading to a leak of over 23,000 credit records.

Who was affected

Bank customers whose personal and sensitive data, such as identity numbers and biometric data, were exposed.

What the authority found

The authority fined DSK Bank for not having adequate security measures in place, violating GDPR's requirements for data protection.

Why this matters

This case underscores the critical need for banks and financial institutions to implement robust security measures to protect customer data. It serves as a warning to businesses handling sensitive information to regularly review and update their data protection practices.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Bulgaria enforcementCommission for Personal Data Protection actionsAll DSK Bank actions
Full Legal Summary
Detailed

Leakage of personal data due to inadequate technical and organisational measures to ensure the protection of information security. Third parties had access to over 23000 credit records relating to over 33000 bank customers including personal data such as names, citizenships, identification numbers, adresses, copies of identity cards and biometric data.

Related Enforcement Actions (0)

No other enforcement actions found for DSK Bank in BG

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 August 2019

Authority

Commission for Personal Data Protection

Fine Amount

€511,000

Enforcement Tracker ID

ETid-72

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. DSK Bank - Bulgaria (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: