Skip to main content

Clifford Chance

Clifford Chance


Greek DPA fines PwC for unlawfully processing the personal data of its employees

6 August 2019

On 30 July 2019, the Greek Data Protection Authority (the "Greek DPA") issued a fine of €150,000 against PwC as a result of breaching of the GDPR rules in processing personal data of its employees

The Greek DPA initiated an investigation regarding the processing of personal data by PwC following a complaint submitted against the company.

From the public information it appears that the investigation was limited to the processing of personal data of PwC's employees, with a focus on the legal basis used to legitimate the data processing operations.

Following the investigation, the Greek DPA gave PwC 3 months to comply with a series of corrective measures as to bring the processing operations of its employees’ personal data to compliance with the provisions of the GDPR and also applied a €150,000 fine as a sanctioning measure.

Download PDF