The National Supervisory Authority for Personal Data Processing closed an investigation on the ALPHA BANK ROMANIA SA data controller and found an infringement on Article 29, Article 32(1)(b), Article 32(2) and Article 32(4) of Regulation (EU) 2016/679 (GDPR).

In conclusion, the controller was sanctioned with a fine in the amount of 9,950.60 LEI, the equivalent of 2,000 EURO.

The investigation was launched following a notification sent by the controller indicating personal data breach, in line with the provisions of the General Data Protection Regulation.

The personal data breach followed a misadministration of one of the record keeping systems of ALPHA BANK ROMANIA SA by an employee of the controller.

During the investigation, it was found that ALPHA BANK ROMANIA SA had not implemented adequate technical and organisational measures to ensure a level of security appropriate to the risk of processing and had not taken sufficient measures to ensure that any natural person who has access to personal data and who acts under the authority of the controller processes those personal data only at the request of the controller.

This has led to the breach of the confidentiality of personal data through unauthorised disclosure and access to certain personal data of a limited number of clients.

Legal and Communication Department

A.N.S.P.D.C.P.