Details:
| Summary | The Romanian DPA (ANSPDCP) fined ING Bank N.V. Amsterdam – Bucharest office in the amount of EUR 3,000. The bank had contacted the data subject by e-mail for the purpose of updating his data. At that time, however, the data subject had already terminated his account with the bank, so that the contractual relationship had been terminated. As a result, the data controller had unlawfully processed personal data of the former customer without his consent such as the e-mail address and the name and of the data subject. |
| Link: | link |
| Related articles: | Art. 5 (1) a) – d) GDPR, Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 3,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/