A Greek customer of Piraeus Bank notified them that, since there was no longer a claim against him, the bank had sent his personal information to Alternative Financial Solutions (AFS), a loan and credit management company, without a warrant or other legal basis.
The complainant further claimed that the Bank had neglected to respond to his request for information regarding the transfer of his personal data to AFS in a satisfactory and thorough manner.
On June 12, 2023, the Hellenic Data Protection Authority (HDPA) published its decision No. 25/2023, as issued on the same date, in which it fined Piraeus Bank SA €210,000 for the violations of the General Data Protection Regulation (GDPR).
The HDPA clarified that the bank's customer, the complainant, had notified them that Piraeus Bank had transferred his personal information to Alternative Financial Solutions (AFS), a loan and credit management company, without a valid reason or authorization because the bank no longer had any outstanding claims against him.
The complainant further claimed that the Bank had neglected to respond to his request for information regarding the transfer of his personal data to AFS in a satisfactory and thorough manner.
Consequently, Piraeus Bank was hit with the following fines by the HDPA:
€100,000 for the infringement of GDPR Articles 5(1)(a), 5(1)(b), and 6;
€100,000 for the violation of Article 25(1) of the GDPR; and
€10,000 for the violation of Article 15(1)(a) of the GDPR.
READ the decision
Comments