Italy’s largest bank, Intesa Sanpaolo, has been fined €17.6 million by the Italian Data Protection Authority for unlawfully processing the personal data of around 2.4 million customers, according to Reuters, with information reported by Economedia.
The regulator found that the bank transferred customer data to its digital unit Isybank without fully complying with data protection requirements.
Read also: BRD reports RON 1.54bn net profit in 2025, strengthening its market position
Customer profiling
According to the authority, the bank profiled customers based on several criteria, including age under 65, frequency of digital channel usage, investment products held and financial assets.
This profiling led to the migration of certain customers to the Isybank digital platform, which could involve the transfer of accounts to another data controller and unilateral changes to contractual terms.
Inadequate communication
The regulator also criticized the way the bank informed customers about the migration. In many cases, notifications were sent during the summer and placed in the archive section of the banking app without push alerts.
When determining the fine, the authority considered the large number of affected customers, while also noting the bank’s cooperation during the investigation and the unintentional nature of the violation.
Presence in Romania
The Intesa Sanpaolo group also operates in Romania through Intesa Sanpaolo Bank Romania. The bank currently has 59 branches nationwide, a network expanded following its merger with First Bank.
Photo: Forbes
UK
IT
ES
DE
FR
RO
PT
HU
