Imposition of a fine on a bank in Greece for an incident of personal data breach

The Greek Data Protection Supervisory Authority imposed on a Bank, as Data Controller, an administrative fine of EUR 100,000 for violating the principles of accuracy, integrity, and confidentiality of data, and the principles of data protection by design and by default, in conjunction with Articles 32, 33, and 34 of the GDPR, as well as an administrative fine of EUR 20,000 for violating the complainants' right of access.

Complaints were submitted to the Supervisory Authority of Greece against the National Bank of Greece for the incorrect linking of a complainant's bank account with the mobile phone number of another complainant in the “i-bank Pay application”, which resulted in money transfers, via “IRIS online payments service”, which were made to the first complainant's account instead of the second's.

 In the context of the administrative audit conducted by the Authority, the Bank eventually identified that the issue was due to incorrect configuration during the 2020 upgrade of the mobile banking application, which had affected another 24 of its customers. Additionally, the Bank submitted a data breach notification to the Authority and took further corrective measures.

You  might also like: An overview of the regulatory framework on Gambling Services in the European Union / Article by Efi Thoma, Lawyer in Cyprus

(source:edpb.europa.eu/photo:freepik.com)


Comments

Post a Comment

Popular posts from this blog

Greek Administrative Court rules state liable for Covid-19 vaccine side effects due to "excessive sacrifice"

Image
Greece: The Administrative Court of First Instance of Athens, in its decision no. 4202/2025, has ruled that the Greek State is liable for damages sustained by an individual due to side effects following a preventive "COVID-19" vaccination. This landmark decision was issued in a compensation lawsuit filed against the Hellenic Republic. The Case: Seeking Compensation for Vaccine-Related Harm The lawsuit was brought by a plaintiff seeking compensation for material damage and moral harm (non-pecuniary damage), alleging that they suffered severe side effects after their preventive COVID-19 vaccination with a specific vaccine. The initial claim was for €461,835.26, but this amount was subsequently restricted during the proceedings. The plaintiff based their claim on two legal grounds: Article 105 of the Introductory Law of the Civil Code (EισNAK): This article concerns the State's liability for compensation arising from illegal acts or omissions of its organs in the exe...
Read more

Cyprus Family Law: Spouse's claim for contribution in post-marital acquisitions

Image
by Giorgos Kazoleas, Lawyer* The regulation of property issues between spouses after divorce or separation is one of the main problems and is most commonly related with the issue of the contribution of one spouse to the increase in the other’s property. According to Cypriot Family Law, in the event that the marriage is dissolved or annulled, or in the event of separation of the spouses, in case the property of one spouse has increased, the other spouse, if he/she contributed in any way to this increase, is entitled to bring an action before the Court and demand the return of the part of the increase that comes from his/her own contribution.[1] The contribution of one spouse to the increase in the property of the other is presumed to amount to one third of the increase, unless a greater or lesser contribution is proven.[2] “Contribution” means any form of contribution by the spouses to the acquisition or creation of property and includes the care of the family home and family memb...
Read more

Landmark Murder Conviction for Illegal Street Racing in Germany

Image
Following a fatal illegal street race in Ludwigsburg in March 2025, the Stuttgart District Court (LG Stuttgart) has issued a landmark ruling. The primary defendant was sentenced to life imprisonment for murder, while his brother received 13 years for attempted murder. The race resulted in the deaths of two innocent young women when their vehicle was rammed at speeds exceeding 130 km/h in a 50 km/h zone. Intent vs. Negligence The core of the legal debate centered on the definition of intent. The defense argued for "negligent homicide," claiming the defendants never intended to kill anyone. The court applied the principle of eventual intent (dolus eventualis). It ruled that by racing at extreme speeds in a residential area, the defendants recognized the life-threatening danger and "accepted" the possibility of a fatal outcome in pursuit of the thrill of the race. The ruling utilizes Section 315d of the German Criminal Code (StGB), known as the "Raserparag...
Read more

Life imprisonment and the ECHR - New factsheet by Council of Europe

Image
Life imprisonment is compatible with the European Convention on Human Rights, as long as prisoners have some chance of being released and it is possible for their sentences to be reviewed. According to the European Court of Human Rights, national laws concerning life imprisonment must be sufficiently clear and certain. Prisoners should also know from the outset what they must do to be considered for release, and under what conditions. The Council of Europe’s  Department for the Execution of ECHR Judgments  has published a new factsheet on cases concerning life imprisonment. The factsheet summarises steps taken by nine member states on this issue in response to 20 different judgments from the European Court of Human Rights. It covers a number of specific issues relating to life sentences, including review mechanisms, conditions of detention and the risk of irreducible life sentences in extradition cases. This is the latest in a series of  thematic factsheet...
Read more

ECtHR Judgement against Greece: Disclosure of the identities and medical data of prostitutes diagnosed with HIV was a breach of their right to private life

Image
The case of O.G. and Others v. Greece (applications nos. 71555/12 and 48256/13) concerned the publication, by decision of the domestic authorities, of medical data concerning prostitutes who had been diagnosed as HIV-positive, and media coverage of them. It also concerned the circumstances in which they were required to undergo a blood test.  In Chamber 's judgment(23.1.2024) in this case the European Court of Human Rights held, unanimously, that there had been two violations:  -A violation of Article 8 (right to respect for private life) of the European Convention on Human Rights, with regard to two applicants, on account of the blood tests they had been required to undertake.  The Court considered that the blood samples imposed on two applicants had amounted to an interference with their private life and noted that this had not been in accordance with the law within the meaning of Article 8 of the Convention, given that the provisions of domestic law in issue ought to h...
Read more

The European Commission urges Germany, Spain, Latvia and Slovenia to comply with cross-border judicial procedures on the European Arrest Warrant

Image
The Commission urges Germany, Spain, Latvia and Slovenia to comply with cross-border judicial procedures on the European Arrest Warrant.   The European Commission decided to send an additional letter of formal notice to Germany, Latvia and Slovenia and a reasoned opinion to Spain for failing to comply with the Framework Decision on the European Arrest Warrant and the surrender procedures between Member States ( Council Framework Decision 2002/584/JHA ). The  European arrest warrant  (EAW) is a simplified cross-border judicial procedure to surrender a requested person for the purpose of prosecution or executing a custodial sentence or detention order. Operational since 1 January 2004, the EAW has replaced the lengthy extradition procedures that existed between EU Member States. The Commission first sent a letter of formal notice to Germany in February 2021, to Spain in May 2021, to Latvia in December 2021 and to Slovenia in February 2022. On analysis of...
Read more

Defective products: New EU - rules to better protect consumers from damages

Image
European Parliament adopted on 12.3.2024 new EU consumer-protection rules to better respond to increased online shopping, emerging technologies and the transition to a circular economy. EU consumers will soon have easier access to compensation for damage caused by defective products. MEPs adopted revamped rules previously  agreed on with EU governments on 14 December 2023 , with 543 votes in favour, 6 against and 58 abstentions. The updated directive simplifies burden of proof requirements for those claiming compensation and cancels the minimum damage threshold of 500 euro. While the claimant would normally have to prove that the product was defective and its faultiness caused the damage, now a court can presume it is defective, especially in the most technically and scientifically complex cases. The court can also order the business to disclose the “necessary and proportionate” evidence to help victims of damage with their compensation claims. The new rules also allow national...
Read more