German property company Deutsche Wohnen SE has been fined €14.4 Million for breaches of GDPR by the Berlin data supervisory authority in Germany. This is reported to represent 2% of the company’s global turnover, so is only half the maximum fine that could have been imposed under GDPR.
It’s worth noting that this time the breach did not relate to security issues or breaches. The breach was that the company retained individual (domestic) tenants’ details, even where the information was no longer needed, there was no retention policy in place, and the systems used for storing the information had no facility which would allow deletions on a case by case basis. The authority therefore fined Deutsche Wohnen for breaches of GDPR Article 5 (“data minimisation” principle) and Article 25 (“privacy by design” principle).