info@edpo.com
Greek DPA issues 150K euro fine to PwC
The DPA considered that PWC BS:
-i. has unlawfully processed the personal data of its employees contrary to the provisions of Article 5(1)(a) indent (a) of the GDPR since it used an inappropriate legal basis.
-ii. has processed the personal data of its employees in an unfair and non-transparent manner contrary to the provisions of Article 5(1)(a) indent (b) and (c) of the GDPR giving them the false impression that it was processing their data under the legal basis of consent pursuant to Article 6(1)(a) of the GDPR, while in reality it was processing their data under a different legal basis about which the employees had never been informed.
-iii. although it was responsible in its capacity as the controller, it was not able to demonstrate compliance with Article 5(1) of the GDPR, and that it violated the principle of accountability set out in Article 5(2) of the GDPR by transferring the burden of proof of compliance to the data subjects.
To read more: Click here
Understanding GDPR: What You Need to Know in 2025
In 2018, the European Commission introduced the General Data Protection Regulation (GDPR). It shook the world because it applied both to...
5 essential steps for GDPR compliance in the health care industry
What is the GDPR? The General Data Protection Regulation (GDPR) came into force on May 25, 2018, replacing the 1995 Data Protection...
5 GDPR mistakes US companies make in 2025 – and how to avoid them
The General Data Protection Regulation (GDPR) continues to apply to many US companies in 2025, even if they do not have a physical presence...
About the author
admin
