Greek DPA issues 150K euro fine to PwC



August 8, 2019



The DPA considered that PWC BS:

-i. has unlawfully processed the personal data of its employees contrary to the provisions of Article 5(1)(a) indent (a) of the GDPR since it used an inappropriate legal basis.

-ii. has processed the personal data of its employees in an unfair and non-transparent manner contrary to the provisions of Article 5(1)(a) indent (b) and (c) of the GDPR giving them the false impression that it was processing their data under the legal basis of consent pursuant to Article 6(1)(a) of the GDPR, while in reality it was processing their data under a different legal basis about which the employees had never been informed.

-iii. although it was responsible in its capacity as the controller, it was not able to demonstrate compliance with Article 5(1) of the GDPR, and that it violated the principle of accountability set out in Article 5(2) of the GDPR by transferring the burden of proof of compliance to the data subjects.

To read more: Click here

Follow us on Linkedin for daily breaking GDPR news!

Get our weekly newsletter in your inbox every Monday with fresh GDPR and Data Protection news!

August 8, 2019

EDPO participated in the Belgian Economic Mission to Japan – Dec. 2022

Belgian Economic Mission to the United States – June 2022

Belgian Economic Mission to the United Kingdom – May 2022

IAPP Global Privacy Summit – April 2022

IAPP Intensives – France & UK – March 2022

UK plans to abolish DPOs – and much more