Raiffeisen Bank SA – €15,000 Fine (Romania, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Raiffeisen Bank in Romania was fined for using WhatsApp to share personal data for credit scoring assessments. This method was deemed insecure and violated GDPR rules. The fine was reduced from EUR 150,000 to EUR 15,000 after a court ruling.
What happened
Raiffeisen Bank used WhatsApp to share personal data for credit scoring, which was found to be insecure.
Who was affected
Individuals whose personal data was shared via WhatsApp for credit scoring assessments.
What the authority found
The Romanian data protection authority fined the bank for not securing personal data properly, violating GDPR's Article 32 on data security.
Why this matters
This case serves as a warning that using unsecured communication channels for sensitive data can lead to significant fines. Businesses should ensure they use secure methods for handling personal data.
GDPR Articles Cited
Original fine summary: Raiffeisen Bank Romania carried out scoring assessments on the basis of personal data of individuals registered on the Vreau Credit platform provided by the platform's staff via WhatsApp and then returned the result to Vreau Credit using the same means of communication. Update: The fine was reduced from EUR 150,000 to EUR 15,000 following a court ruling in 2021 link
Related Enforcement Actions (1)
Other enforcement actions involving Raiffeisen Bank SA in RO
Details
Fine Date
9 October 2019
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Fine Amount
€15,000
Enforcement Tracker ID
ETid-84
About this data
Cite as: Cookie Fines. Raiffeisen Bank SA - Romania (2019). Retrieved from cookiefines.eu
Last updated: