PwC Greece: GDPR fine of EUR 150,000

The Greek data pro­tec­tion super­vi­so­ry aut­ho­ri­ty has appar­ent­ly impo­sed a fine of EUR 150,000 on PWC Busi­ness Solu­ti­ons SA (PWC BS) becau­se PWC BS had pro­ces­sed employee data on the basis of con­sent, i.e. the wrong legal basis. As a result, the pro­ces­sing was both unlaw­ful and – due to the incor­rect­ly sta­ted legal basis – non-trans­pa­rent. Fur­ther­mo­re, it was not pos­si­ble to pro­ve com­pli­an­ce with the princi­ples, which vio­la­ted the accoun­ta­bi­li­ty princip­le of Art. 5 (2) GDPR.