Fine EUR 150,000 to multinational company in Greece for GDPR violations
The Greek Data Protection Authority has imposed a fine of 150,000 euros on PWC BS A.E. for violations of the General Data Protection Regulation. In particular, the Personal Data Protection Authority, upon a complaint, investigated on its own motion the legality of the processing of the personal data of employees of PWC BS (PRICEWATERHOUSECOOPERS BUSINESSSOLUTIONS SA) pursuant to which the abovementioned employees were forced to consent to the processing their personal data for three (3) distinct purposes. The Authority considered PWC BS as the controller: 1) has undergone unlawful processing, in breach of the provisions of Article 5 (1) (e); a) of the GDPR (principle of legality), the personal data of its employees, as it applied an inappropriate legal basis under Art. 6 (1) a GDPR (consent) instead of the appropriate legal basis for the performance of the contract, compliance with a legal obligation and the superior legal interest (Art. 6 (1), b, c' and g GDPR). 2