The case of an ITA primary banking institute sanctioned (600.000) for a Data breach spread out many considerations on GDPR rules, for understanding how banks can reach the best compliance.

See in https://www.cybersecurity360.it/legal/privacy-dati-personali/gdpr-per-le-banche-accountability-e-proporzionalita-cosa-prevede-la-normativa/