Intesa Sanpaolo

Person checkt Zahlungsflüsse auf Bankkonto mit dem Smartphone.

The Italian DPA’s Fine Against Intesa Sanpaolo: Lessons for Access Management and Data Breach Handling

On 26 March 2026, the Italian data protection authority (Garante per la protezione dei dati personali, „Garante“) fined Intesa Sanpaolo S.p.A. €31,800,000. This is one of the largest fines the Garante has ever imposed, and it carries clear lessons for any organisation that processes personal data at scale – not just banks. What Happened Between […]

Giulia Provini | 9. April 2026 | Internationaler Datenschutz | Access management, Bank, Data Breach, English Posts, fine, Garante, Intesa Sanpaolo

Mann tätigt Online-Überweisung an Laptop.

Unlawful Profiling and Poor Transparency: Key Takeaways from the Garante’s Fine Against Intesa Sanpaolo

The Italian Data Protection Authority (Garante) has imposed a €17.6 million fine on Intesa Sanpaolo, one of the largest banking groups in Italy, for unlawful processing of personal data affecting approximately 2.4 million customers in the context of their transfer to the digital bank Isybank. What makes this case particularly relevant is not only its […]

Giulia Provini | 25. März 2026 | Aufsichtsbehörden, Internationaler Datenschutz | Bank, data protection, English Posts, Garante, GDPR, Intesa Sanpaolo, Italy, Profiling, unlawful data processing