Ireland: Issued ruling in Investigation into Bank of Ireland's Banking365 app over alleged Data Breach Concerns

On 27 February 2023, the Data Protection Commission (DPC) announced a ruling in its investigation into the Bank of Ireland (BOI) over alleged data breach concerns when using their Banking365 application. The investigation intended to establish whether the BOI ignored its responsibilities and whether any articles of the Data Protection Act 2018 and/or the General Data Protection Regulation (GDPR) were violated in connection to a number of personal data breaches. The data breaches allowed individuals to gain unauthorised access to other people’s accounts via the Banking365 app. Articles 5(1)(f) and 32(1) of the GDPR have been found to have been violated by the BOI since it did not take sufficient technical and administrative measures to prevent those breaches. Therefore, a fine of EUR 750'000 has been imposed, along with an order outlining the steps required to achieve compliance with the GDPR.