An ex officio investigation was conducted by the Hellenic Data Protection Authority (DPA) into the lawfulness of the processing of personal data of employees working at PwC. According to a complaint, employees were required to give consent to the processing of their personal data. Hellenic DPA concluded that PWC BS as the controller had unlawfully processed the personal data of its employees “contrary to the provisions of Article 5(1)(a) incident (a) of the GDPR since it used an inappropriate legal absis.” It also determined that PwC had unfairly and non-transparently processed the personal data of its employees by giving them the false impression that their data was being processed under the legal basis of consent. A fine of €150,000 has been imposed and the company is required to implement corrective measures within three months.
