PwC Greece: GDPR fine of EUR 150,000

The Greek data pro­tec­tion super­vi­so­ry aut­ho­ri­ty has appar­ent­ly impo­sed a fine of EUR 150,000 on PWC Busi­ness Solu­ti­ons SA (PWC BS) becau­se PWC BS had pro­ce­s­sed employee data on the basis of con­sent, i.e. the wrong legal basis. As a result, the pro­ce­s­sing was both unlawful and – due to the incor­rect­ly sta­ted legal basis – non-trans­pa­rent. Fur­ther­mo­re, it was not pos­si­ble to pro­ve com­pli­ance with the prin­ci­ples, which vio­la­ted the accoun­ta­bi­li­ty prin­ci­ple of Art. 5 (2) GDPR.