ING Bank fined $5 million for GDPR violations in Poland. On August 26, 2025, the Polish data protection authority (UODO) fined ING Bank PLN 18.4 million (approximately $5 million) for violating the General Data Protection Regulation (GDPR). The investigation revealed that ING Bank scanned identity documents of customers and potential clients without lawful basis, violating Articles 5(1)(a), 5(1)...

DataGuidance - DataGuidance

ING Bank fined $5 million for GDPR violations in Poland. On August 26, 2025, the Polish data protection authority (UODO) fined ING Bank PLN 18.4 million (approximately $5 million) for violating the General Data Protection Regulation (GDPR). The investigation revealed that ING Bank scanned identity documents of customers and potential clients without lawful basis, violating Articles 5(1)(a), 5(1)(b), 5(1)(c), and 6(1) of the GDPR. The bank did not conduct individual risk assessments related to the Anti-Money Laundering (AML) Act, and documents were scanned in situations not required by the act.

Source

Published on Aug. 26th, 2025 Published on Aug. 26th, 2025

To read more operational risk news, register for free on MSTAR Platform.

MSTAR News

Jul. 30th, 2025

Elseware at RiskMinds 2025: Shaping the Future of Operational Risk

Elseware is proud to sponsor RiskMinds International 2025 (17–20 Nov, London). We’ll be hosting a round table on the future of operational risk quantification, with a spotlight on what drives us: structured scenarios. As risk evolves under regulatory and governance pressures, we believe these expert-led approaches are key to anticipating tomorrow’s challenges. Let’s shape the future of risk — together.