Italian DPA fines bank for data breach

data breach

Garante, Italy’s data protection authority (DPA), has ordered a bank to pay €600,000 ($675,000) for “abusive access” to personal data of more than 700,000 customers.

The breach was carried out by some employees of an external commercial partner of the bank and involved information such as contact details, profession, level of study and identification document data.

The DPA said it levied the fine to safeguard the rights and freedoms of the victims of the breach because the bank, which the authority did not name, had failed to adopt adequate technical and organisational measures.

Garante noted it had never sanctioned the bank before and, following the data breach, the bank adopted measures to strengthen security of its IT systems.


Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.