Italy: Data Protection Authority investigation into Intesa Sanpaolo over alleged violations of General Data Protection Regulation

On 12 March 2026, the Data Protection Authority (GPDP) imposed a fine of EUR 17.628 million on Intesa Sanpaolo and declared unlawful certain personal data processing carried out in connection with the transfer of two business units to Isybank under …

On 3 January 2025, the Data Protection Authority (GPDP) notified Intesa Sanpaolo, an Italian banking group, of the initiation of proceedings for the adoption of corrective and sanctioning measures under Articles 58(2) and 83 of thw General Data Prot…

On 16 November 2023, the Italian Data Protection Authority (GPDP) opened an investigation into Intesa Sanpaolo, an Italian banking group, over alleged violations of the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR). The GPDP re…