Non-compliant Data Retention Schedule

The Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit) has issued a €14.5 million GDPR fine to the German company Deutsche Wohnen SE. The fine was issued on October 30th, 2019, and it is the highest fine so far in Germany.

What we would really like to talk about is the reason behind the fine. As stated in the official press release by the Berlin DPA:

“During on-site inspections in June 2017 and March 2019, the supervisory authority found that the company used an archive system for the storage of personal data of tenants that did not provide the possibility of removing data that was no longer required. […] In some of the individual cases that were examined, it was, therefore, possible to find years-old private data from tenants that were preserved, although they were no longer necessary for the purpose of their original collection.”

The reason behind the €14.5 million GDPR fine

The reason for this multi-million fine may lie in the fact that the Berlin Commissioner for Data Protection recommended an adjustment of the archive systems during the first inspection in 2017.

However, the company was unable to fix the issue (although an effort was made, it just didn’t suffice). If only there were a solution for GDPR-compliant personal data removal that could help companies with the orchestration of data removal. Oh, wait, there is!

Nonetheless, there were other factors involved:

“…The specific determination of the amount of the fine, the Berlin Commissioner for Data Protection has used the legal criteria, taking into account both aggravating and mitigating factors. The fact that Deutsche Wohnen SE had deliberately set up the archive structure in question and that the data concerned had been processed in an inadmissible manner over a long period of time…”


We have been talking about the importance of compliant data removal for a while now. However, this is what we continuously observe: indifference towards certain parts of the compliance process until it is too late and the fine is issued.

However, it is never too late. Start reading our blogs to get a better understanding of GDPR-compliant data removal orchestration.

Read the blog: GDPR Requirements for Compliant Data Removal