German housing giant fined £12.5m for GDPR violations

The firm’s archive system held onto highly sensitive data from bank statements to health insurance records

German property company Deutsche Wohnen has been hit with a staggering data protection fine for hanging onto a treasure trove of personal and financial data of former and current housing tenants.

The firm was fined €14.5 million (approximately £12.5 million) after German data protection investigators found it had been holding information in an archival system from which it was impossible to delete records.

This highly sensitive data, which belonged to former and current tenants, included salary information, extracts from employment and training contracts, tax and health insurance records, as well as bank statements.

This data was stored in the system on an indiscriminate basis, according to German data protection authorities, and without appropriate consents. There was also no legally-defined basis for collecting and storing the data.

Deutsche Wohnen was found to have violated the General Data Protection Regulation (GDPR) under Article 25 (1), which covers the need for businesses to ensure they're adhering to data protection principles such as data minimisation. The firm also violated Article 5, which relates to the core ethical principles of processing data.


Businesses are instructed under GDPR not to keep personal data beyond the legally-established reasons they have identified, and for a period no longer than is required in order to carry out the processing.

The German property firm was first warned about its archive system in 2017, according to the data regulator, and requested to change its archiving system as a matter of urgency.

Although the firm changed the archive system in March 2019, the changes still did not establish a lawful basis for storing the personal data and GDPR proceedings were launched, spanning the period between May 2018, when GDPR came into force, and this point.

The initial financial penalty was actually much higher, at roughly €28 million (£24 million), based on the firm's annual turnover of more than a billion euros. GDPR fines can fall anywhere in the order of €20 million, or up to 4% of a firm's annual turnover, depending on the severity of the violation.

This initial fine represented 2.8% of the firm's turnover but was reduced because the company had actually taken concrete steps towards correcting its data storage mechanisms, and co-operated with regulators during the process.

IT Pro approached the property giant for its response to the GDPR fine.
