Raiffeisen Bank SA in Romania did credit scoring for another bank and was fined EUR 150,000 for it. Two employees performed credit scoring for another bank and shared the result. The DPA refers to Article 32 of the GDPR, which requires the controller to ensure that all employees and subcontractors comply with data protection rules…. […]