The Irish DPA Imposes an Administrative Fine on Bank of Ireland Group due to the Infringements of GDPR

Kişisel Verilerin Korunması Hukuku

The claims of 22 different personal data breaches are notified to the Irish Data Protection Authority (“the Irish DPA”) about the Bank of Ireland Group (“BOI”) between 9 November 2018 and 27 June 2019. The claims are related to the unauthorized disclosures and accidental changes of customer personal data to the Central Credit Register (“CCR”).

According to the conducted investigation, Irish DPA decided that many fundamental principles of the General Data Protection Regulation (“GDPR”) such as reporting personal data breaches without delay, providing sufficient detail to the DPC regarding this breach, and ensuring security level by implementing technical and organizational measures were infringed by the BOI.

Irish DPA determined that BOI has not fulfilled the basic principles of GDPR. In other words,  it has violated Articles 32(1), 33, and, 34 of GDPR. BOI must therefore be subject to administrative fines by virtue of the mentioned infringements. Irish DPA imposed administrative fines on BOI of a total of EUR 463.000.

here.You can find the full text of the decision 

Kind regards,

Zumbul Attorneys at Law

info@zumbul.av.tr