We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Strictly necessary cookies

Cookie name Duration Cookie purpose
ASP.NET_SessionId Session This cookie holds the current session id (OPPassessment only)
.ASPXANONYMOUS 2 Months Authentication to the site
LSI 1 Year To remember cookie preference for Law Society websites (www.lawsociety.ie, www.legalvacancies.ie, www.gazette.ie)
FTGServer 1 Hour Website content ( /CSS , /JS, /img )
_ga 2 Years Google Analytics
_gat Session Google Analytics
_git 1 Day Google Analytics
AptifyCSRFCookie Session Aptify CSRF Cookie
CSRFDefenseInDepthToken Session Aptify defence cookie
EB5Cookie Session Aptify eb5 login cookie

Functional cookies

Cookie name Duration Cookie purpose
Zendesk Local Storage Online Support
platform.twitter.com Local Storage Integrated Twitter feed

Marketing cookies

Cookie name Duration Cookie purpose
fr 3 Months Facebook Advertising - Used for Facebook Marketing
_fbp 3 months Used for facebook Marketing
BoI rapped over breaches of GDPR rules
Pic: RollingNews.ie

05 Apr 2022 / regulation Print

BoI rapped over breaches of GDPR rules

The Data Protection Commissioner (DPC) has handed Bank of Ireland a fine of €463,000 and reprimanded it for a number of breaches of GDPR data-privacy rules.

Bank of Ireland had notified the watchdog of 22 incidents linked to information provided to the Central Credit Register (CCR) – a centralised system that collects and securely stores information about loans.

The incidents, which took place in 2018 and 2019, included unauthorised disclosures of customers' personal data to the CCR, and accidental alterations of customers’ personal data.

A DPC investigation found that 19 of the incidents amounted to a ‘personal data breach’ under GDPR rules.

BoI to make changes

In 17 cases, the bank failed to report the breaches “without undue delay”, or without sufficient detail.

In 14 incidents, the watchdog found that Bank of Ireland had failed to contact individuals quickly enough, in circumstances where the breaches were likely to result in a high risk to the data subjects’ rights and freedoms.

The DPC also found that the bank had failed to implement appropriate measures to ensure a level of security appropriate to the risk presented by its processing of customer data in transferring information to the CCR.

The watchdog has ordered Bank of Ireland to make a number of changes to its technical and organisational measures.

Bank of Ireland said it fully acknowledged and sincerely apologised for the breaches.

"The bank takes its regulatory and compliance obligations very seriously, and regrets that it has fallen short in this way," the bank said in a statement.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland