14.5 million EUR GDPR fine imposed on real estate company

von Tobias Damasko

The reason for the GDPR fine of 14.5 million euros is data from tenants in an archive system, which could not be deleted. The grievances were discovered in 2017. A review in March 2019 showed that hardly anything had changed in the state. The Berlin data protection authority has therefore imposed a fine of millions on the real estate company “Deutsche Wohnen”. The fine could have been even higher due to the company’s turnover.

Archive system created consciously

In determining the amount of the fine, the company was interpreted as disadvantageous in that the archive structure that was the subject of the complaint was deliberately created and the data was processed in an inadmissible manner over a long period of time. “Deutsche Wohnen” has not yet commented publicly on the GDPR fine. The decision is not yet legally binding. The Berlin data protection officer Maja Smolczyk spoke of a “blatant violation of the principles of data protection”. According to the previous year’s sales of the real estate company, which were higher than one billion euros, the fine could even have been up to 28 million euros.

Take data protection seriously

Due to the drastically worsening fines situation, we strongly recommend that you take the subject of data protection in your company very seriously and meet the relevant documentation requirements. Regular checks by the data protection officer must also be firmly integrated into processes. Always inform us immediately if you want to change processes in your company or introduce new software or apps. Regular checks must be a firmly planned part of good data protection management in your company too! Please also note the annual activity report of your data protection officer, which will be made available again at the end of the year and contains valuable information on the subject of data protection.

 

Due to the drastically worsening fines situation, we strongly recommend that you take the subject of data protection in your company very seriously and meet the relevant documentation requirements. Regular checks by the data protection officer must also be firmly integrated into processes. Always inform us immediately if you want to change processes in your company or introduce new software or apps. Regular checks must be a firmly planned part of good data protection management in your company too! Please also note the annual activity report of your data protection officer, which will be made available again at the end of the year and contains valuable information on the subject of data protection.

 

Kontaktieren Sie uns einfach für Ihr individuelles Angebot.

assets/images/a/tobias-damasko-7-14dfe728.jpeg
Tobias Damasko

Der ISO/IEC 27001 Auditor / Lead Auditor mit langjähriger Tätigkeit in führender Funktion agiert für Kunden und Kollegen als kompetenter Ansprechpartner im Bereich der IT und IT-Security. Neben jahrelanger Erfahrung bei der Betreuung und im Management von komplexen Software- und IT-Projekten, VDI/Virtualisierungs- und NAC (Network-Access-Control)-Lösungen fühlt sich der zertifizierte Microsoft Spezialist Tobias Damasko auch im Bereich der Softwareentwicklung zu Hause. Mit seinem weitreichenden Wissen und vielseitigen technischen Know-how bereichert er Kunden und Team gleichermaßen.