Fine EUR 150,000 to multinational company in Greece for GDPR violations


The Greek Data Protection Authority has imposed a fine of 150,000 euros on PWC BS A.E. for violations of the General Data Protection Regulation. In particular, the Personal Data Protection Authority, upon a complaint, investigated on its own motion the legality of the processing of the personal data of employees of PWC BS (PRICEWATERHOUSECOOPERS BUSINESSSOLUTIONS SA) pursuant to which the abovementioned employees were forced to consent to the processing their personal data for three (3) distinct purposes.
The Authority considered PWC BS as the controller:
1) has undergone unlawful processing, in breach of the provisions of Article 5 (1) (e); a) of the GDPR (principle of legality), the personal data of its employees, as it applied an inappropriate legal basis under Art. 6 (1)  a  GDPR (consent) instead of the appropriate legal basis for the performance of the contract, compliance with a legal obligation and the superior legal interest (Art. 6 (1), b, c' and g  GDPR).
2) in an unlawful and no transparent manner, in breach of Article 5 (1) (e); (a) b and c (GDPR) (the principle of objectivity and transparency), the personal data of its employees, as it gave them the false impression that they processed it in accordance with the legal basis of their consent in accordance to 6 (1) a’GDPR.In practice, it was processed on another legal basis, for which the employees were never informed.
3) as controller, although he was responsible, was unable to comply with and demonstrate compliance with Article 5 (1) of the GDPR in breach of the principle of accountability provided for in Article 5 (2) and he carried the burden of compliance on employees.

Comments

Editorial

Editorial
George Kazoleas, Lawyer

Top Stories

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Gigantic fine for unfair practices imposed on Booking.com by the Competition Authority of Hungary

The rules of UEFA on ‘homegrown players’ could be contrary to EU law (ECJ)

The Lawyer's right to refuse the defense of an accused person for ethical reasons

Politically Exposed Persons (PEPs): What and Why?

Airbnb is not required to hold an estate agent’s professional licence as it did not notify the Commission of that requirement in accordance with the Directive on electronic commerce

Sanction imposed on judge for Facebook posts concerning matters of public interest infringed his freedom of expression (ECtHR)