First-Time Fine Imposed for GDPR Violations Involving Employee Data Breach

Barnea Jaffa Lande & Co.

The Hellenic Data Protection Authority (HDPA) recently imposed a EUR 150,000 fine on the international consulting firm PwC for its violations of the new European data protection regulations (the General Data Protection Regulations, or GDPR).

An inquiry conducted by the HDPA revealed that PwC required its employees to provide their consent to the processing of their personal data. The HDPA found this data processing to be without a proper legal basis, as consent cannot be freely given in an employer-employee relationship. In addition, the HDPA determined the consulting firm had violated its duty of fairness and transparency toward employees by creating the wrongful impression that the data about them was processed with their consent, when in effect it was required to maintain working relationships with the employees and to fulfill legal requirements imposed upon the firm. Further, the HDPA held the firm failed by not maintaining a record of its decision-making process regarding establishing a lawful basis for the data processing. In light of these findings, the HDPA ordered PwC to remedy the flaws in its conduct within three months, and imposed upon it a EUR 150,000 fine.

This decision sends out an important message to Israeli employers as well, and lessons should be learnt from it here as well. One year after the entry into force of the GDPR, it was evident that the enforcement activity of privacy protection agencies around the world had been focused on companies’ business doings. As a result, companies rarely invest resources in complying with the requirements of privacy protection laws in terms of their employees’ data processing. The HDPA’s decision marks a change in this trend and signals to employers around the world to put in order their employees’ data collection and use practices as well.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Barnea Jaffa Lande & Co. | Attorney Advertising

Written by:

Barnea Jaffa Lande & Co.

Barnea Jaffa Lande & Co. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.