Privacy Blog
The Irish DPA Imposes an Administrative Fine on Bank of Ireland Group due to the Infringements of GDPR
The claims of 22 different personal data breaches are notified to the Irish Data Protection Authority (“the Irish DPA”) about the Bank of Ireland Group (“BOI”) between 9 November 2018 and 27 June 2019. The claims are related to the unauthorized disclosures and accidental changes of customer personal data to the Central Credit Register (“CCR”).
According to the conducted investigation, Irish DPA decided that many fundamental principles of the General Data Protection Regulation (“GDPR”) such as reporting personal data breaches without delay, providing sufficient detail to the DPC regarding this breach, and ensuring security level by implementing technical and organizational measures were infringed by the BOI.
Irish DPA determined that BOI has not fulfilled the basic principles of GDPR. In other words, it has violated Articles 32(1), 33, and, 34 of GDPR. BOI must therefore be subject to administrative fines by virtue of the mentioned infringements. Irish DPA imposed administrative fines on BOI of a total of EUR 463.000.
here.You can find the full text of the decision
Kind regards,
Zumbul Attorneys at Law
info@zumbul.av.tr