I'm in the UK, and yes you can just send an email to ICO here. I contacted them about an issue with Amazon using their order update system for marketing purposes despite having opted out of marketing communicatoins, they weren't very helpful.
I have an outstanding complaint about illegal collection of biometric information and they have proved less than helpful also. The ICO doesn't really function, it never did enforce the data protection act before and so far there appears to be little change with GDPR.
Justice is not just about the law as written but also whether it can be enforced, the GDPR is not enforced in any meaningful way in the UK and companies know that.
Having a lot of experience with Romanian authorities, that's a resounding no. You can be sure a reasonably powerful political player pulled the strings on this.
Romanian here - can confirm your statement is accurate. The person in charge of Romania's GDPR enforcement agency is politically nominated by Romania's leading party - the party which made corruption semi legal. She is under investigation by Romania's Anti Corruption Directorate for illegal land restitution, and is reported to have made anti EU and anti US statements. She also threatened an enormous fine, using the GDPR regulation, for those who exposed the illegal activity of Romania's former defacto leader, imprisoned 4 months ago.
So yeah, this case raises eyebrows, given most foreign banks in Romania are proteges of corrupt politicians and the GDPR agency is lead by members of an infamously corrupt party. Perhaps this bank did something right, to actually get the fine.