Italy: Data Protection Authority fined Intesa Sanpaolo EUR 17.628 million violations of General Data Protection Regulation

Data Protection Authority fined Intesa Sanpaolo EUR 17.628 million violations of General Data Protection Regulation

On 12 March 2026, the Data Protection Authority (GPDP) imposed a fine of EUR 17.628 million on Intesa Sanpaolo and declared unlawful certain personal data processing carried out in connection with the transfer of two business units to Isybank under …

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

other service provider

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-11-16

under deliberation

On 16 November 2023, the Italian Data Protection Authority (GPDP) opened an investigation into Inte…

2025-01-03

under investigation

On 3 January 2025, the Data Protection Authority (GPDP) notified Intesa Sanpaolo, an Italian bankin…

2026-03-12

in force

On 12 March 2026, the Data Protection Authority (GPDP) imposed a fine of EUR 17.628 million on Inte…

Description

Data Protection Authority fined Intesa Sanpaolo EUR 17.628 million violations of General Data Protection Regulation

Scope

Complete timeline of this policy change