Administrative fine in the amount of EUR 463 000 applied by the Irish Data Protection Authority to Bank of Ireland Group for the infringement of Articles 32, 33 and 34 of the GDPR
The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the administrative fine in the amount of EUR 463 000 applied by the Irish Data Protection Authority (Irish SA) to Bank of Ireland Group for the infringement of Articles 32, 33 and 34 of the GDPR.
The Irish SA launched an investigation following the 22 personal data breach notifications that Bank of Ireland Group plc (BOI) made to the Irish SA between 9 November 2018 and 27 June 2019. The notifications related to the corruption of information in BOI’s data feed to the Central Credit Register (CCR), a centralised system that collects and securely stores information about loans. The incidents included unauthorised disclosures of customer personal data to the CCR and accidental alterations of customer personal data on the CCR.
The investigation found that:
· Article 33 of the GDPR was infringed by BOI in 17 of the incidents, in that BOI failed to report the personal data breaches without undue delay and failed to provide sufficient detail to the Irish SA in respect of some of them;
· Article 34 of the GDPR was infringed by BOI in 14 of the incidents. The infringements concerned a failure by BOI to issue communications to data subjects without undue delay in circumstances where the personal data breaches were likely to result in a high risk to data subjects’ rights and freedoms; and
· Article 32(1) of the GDPR was infringed because BOI failed to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by its processing of customer data when transferring information to the CCR.
The NCPDP, as the national supervisory authority for personal data processing, emphasises the responsibility of personal data controllers to comply with the provisions of the legal framework on personal data protection and to ensure that personal data processing operations are carried out in accordance with the legislation in force.