Fine EUR 150,000 to multinational company in Greece for GDPR violations
The Greek Data Protection Authority has imposed a fine of
150,000 euros on PWC BS A.E. for violations of the General Data Protection
Regulation. In particular, the Personal Data Protection Authority, upon a
complaint, investigated on its own motion the legality of the processing of the
personal data of employees of PWC BS (PRICEWATERHOUSECOOPERS BUSINESSSOLUTIONS
SA) pursuant to which the abovementioned employees were forced to consent to
the processing their personal data for three (3) distinct purposes.
The Authority considered PWC BS as the controller:
1) has undergone unlawful processing, in breach of the
provisions of Article 5 (1) (e); a) of the GDPR (principle of legality), the
personal data of its employees, as it applied an inappropriate legal basis
under Art. 6 (1) a GDPR (consent) instead of the appropriate
legal basis for the performance of the contract, compliance with a legal
obligation and the superior legal interest (Art. 6 (1), b, c' and g GDPR).
2) in an unlawful and no transparent manner, in breach of
Article 5 (1) (e); (a) b and c (GDPR) (the principle of objectivity and
transparency), the personal data of its employees, as it gave them the false
impression that they processed it in accordance with the legal basis of their
consent in accordance to 6 (1) a’GDPR.In practice, it was processed on another
legal basis, for which the employees were never informed.
3) as controller, although he was responsible, was unable to
comply with and demonstrate compliance with Article 5 (1) of the GDPR in breach
of the principle of accountability provided for in Article 5 (2) and he carried
the burden of compliance on employees.
Comments
Post a Comment