Danske Bank
€1,300,000
Non-compliance with general data processing principles
Ημερομηνία απόφασης
5 Απριλίου 2022
Αρχή
Danish Data Protection Authority (Datatilsynet)
DK
Τομέας
Finance, Insurance and Consulting
Χώρα
DK
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The Danish DPA has imposed a fine of EUR 1.3 million on Danske Bank. The DPA had opened an investigation against the bank after it informed the DPA that it had a problem with the deletion of personal data. During the investigation, the DPA found that the bank had failed to document the rules for deletion and storage of personal data in more than 400 systems. Consequently, the bank was unable to prove that such rules, which are required under the GDPR, existed. The DPA considered this to be a breach of the bank's accountability obligation under Art. 5 (2) GDPR.
Νομικές παραπομπές
Art. 5 (2)
Θέματα & Παραβάσεις
Non-compliance with general data processing principles