Punishment against Unicredit Romania
The Romanian Unicredit Bank was punished by the local data protection authority to pay a fine of about € 130,000.
The authority justified the penalty with a variety of deficiencies in the technical and organizational measures. Furthermore, the principle of data minimization was disregarded. As an example, the agency stated that recipients of an payment could see the address of the sender of this payment, although it is not necessary to carry out a transaction.
The data protection authority began its investigation on 25th May 2018, the day the GDPR was introduced, and ended on 10th December 2018. More than 330,000 customers were affected during this period.
An efficient implementation of the GDPR is essential for companies of all types and sizes. The investigation started immediately after the introduction of the GDPR. Nevertheless, the process was completed after more than a year. In addition to the fine, the bank had to invest time and resources to fulfill its own obligations in the process.
easyGDPR could have prevented such a procedure. As a first step, our program asks you about your current technical and organizational measures and identifies where you need to improve them. At the same time easyGDPR documents your decisions. In the event of an inspection by the Data Protection Authority you can show these documents. You benefit twice, thanks to the correct implementation of the GDPR you do not have to pay a fine, thanks to the automatically generated documentation, the process can be completed quickly and you can take care of the important concerns in your company.
Type of Issue:
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
25. Data protection by design and by default
5. Principles relating to personal data processing
6. Lawfulness of processing