The DPA found that Komplett Bank ASA breached several provisions of the GDPR. Firstly, they processed personal data for direct marketing purposes without a lawful basis, which goes against Article 6(1) GDPR. Secondly, they provided misleading information about the lawful basis used for processing personal data for direct marketing purposes, which violates Articles 12(1) and 13(1) GDPR. Thirdly, the bank exceeded the time limit for responding to data subject requests for information, which is in breach of Article 12(3) GDPR. Fourthly, they failed to inform the data subject of their right to object to the processing of their personal data for direct marketing purposes, violating Articles 13(2) and 21(4) GDPR. Lastly, they disregarded the data subject's prior objection to direct marketing, which is against Article 21(3) GDPR. As a result of these violations, the DPA issued Komplett Bank ASA with a Compliance Order and Reprimand.