info@edpo.com
Greek DPA issues 150K euro fine to PwC
-i. has unlawfully processed the personal data of its employees contrary to the provisions of Article 5(1)(a) indent (a) of the GDPR since it used an inappropriate legal basis.
-ii. has processed the personal data of its employees in an unfair and non-transparent manner contrary to the provisions of Article 5(1)(a) indent (b) and (c) of the GDPR giving them the false impression that it was processing their data under the legal basis of consent pursuant to Article 6(1)(a) of the GDPR, while in reality it was processing their data under a different legal basis about which the employees had never been informed.
-iii. although it was responsible in its capacity as the controller, it was not able to demonstrate compliance with Article 5(1) of the GDPR, and that it violated the principle of accountability set out in Article 5(2) of the GDPR by transferring the burden of proof of compliance to the data subjects.
To read more: Click here
Common Mistakes about UK GDPR by EU Companies
ASSUMING THAT SMALL VOLUMES OF UK PERSONAL DATA DON’T FALL UNDER THE UK GDPR Many EU companies may underestimate the amount of data they...
EU GDPR Quick Guide to GDPR Fines and Sanctions
The EU’s General Data Protection Regulation (GDPR) was one of the first privacy laws to compel broad organizational compliance, largely...
Understanding GDPR: What You Need to Know in 2025
In 2018, the European Commission introduced the General Data Protection Regulation (GDPR). It shook the world because it applied both to...
About the author
Olivier
