August 5, 2020

Volume X, Number 218

August 04, 2020

Subscribe to Latest Legal News and Analysis

August 03, 2020

Subscribe to Latest Legal News and Analysis

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form.

The sanction was imposed following a data breach that took place between April 2016 and July 2017 that the banking institution notified to the Garante at the end of July 2017. As a result of the breach, the personal data of over 700,000 customers, including contact details, employment data (e.g., salary information), education data, identification details and financial data (e.g., bank account number, information on loans, payment status and customers’ credit ratings), was unlawfully accessed.

The Garante found that the bank had failed to implement adequate security measures and comply with local requirements regarding the tracking of banking transactions. In determining the amount of the fine, the Garante took into account the number of individuals affected by the breach, as well as the fact that the bank had implemented various security measures to strengthen the security of its IT systems following the breach.

Read the Garante’s decision (in Italian).


Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 183


About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct