The WhatsApp GDPR violations pertain to Article 12 and 13(1)(c) requirements that platform users be clearly informed of the legal basis under which their personal information is being collected.
Though the fine is not one of the largest issued by CNIL (or for general GDPR violations across the bloc), the case is noteworthy in that Discord is mostly being taken to task for not providing default or built-in security options rather than the fallout of a specific data breach.
A statement from Danske Bank indicates that the GDPR violations are tied to an inability to build data deletion functionality into its complex interlocked IT systems despite beginning efforts in 2016.
