The GDPR allows authorities to impose penalties of up to 4 percent of the accused company’s worldwide turnover, depending on the gravity of the offence. In the previous year, Deutsche Wohnen generated more than one billion Euros in turnover. This means that the fine of 14.5 million Euros is significantly lower than the maximum would allow (28 million Euros). The reason the maximum penalty could not be imposed is that authorities were unable to prove that abusive access had been made and, furthermore, Deutsche Wohnen had announced they would be taking measures to improve the situation.
The data protection authority issued additional fines between 6,000 and 17,000 Euros for illegal storage of personal data of tenants in 15 concrete cases. This is the first GDPR fine amounting to millions in Germany; the highest fine in the country to date was 195,000 Euros. France and Great Britain, in comparison, have seen penalties of this magnitude being imposed on several occasions
The decision is not yet legally binding and Deutsche Wohnen has announced that they are intending to appeal the decision.
Access management is data protection
One way to safeguard your company’s critical data and ensure it is being treated responsibly is to make sure that IT privileges are assigned according to comprehensible and transparent processes. tenfold is an access management system that can help you to maintain control of and manage the access rights in your company in an effective manner, spanning across systems and, of course, always in accordance with the GDPR.