AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Turn data subjects request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

€14.5 Million GDPR Fine for Non-compliant Data Retention Schedule

Non-compliant Data Retention Schedule

The Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit ), has issued a €14.5 million GDPR fine to German company die Deutsche Wohnen SE. The fine was issued on October 30th, 2019, as one of the highest fine issued so far in Germany.

What we would really like to talk about is the reason behind the fine. As stated in the official press release by the Berlin DPA:

“During on-site inspections in June 2017 and March 2019, the supervisory authority found that the company used an archive system for the storage of personal data of tenants that did not provide the possibility of removing data that was no longer required.[…] In some of the individual cases that were examined, it was, therefore, possible to find years-old private data from tenants that were preserved, although they were no longer necessary for the purpose of their original collection. “

The reason behind the €14.5 million GDPR fine

The reason for this multi-million fine may lie in the fact that the Berlin Commissioner for Data Protection recommended an adjustment of the archive systems during the first inspection in 2017.

However, the company was unable to fix the issue (although the effort was made, it just didn’t suffice). The fact is – the data removal process introduces a set of new challenges for a DPO, amplified with the lack of understanding about where the data is stored, and no real insight into the technical and business implication of data removal.

When a company is processing a large amount of data across multiple systems, automation is the only way to avoid the possibility of human error and reduce the risk of non-compliance.

Download e-book: GDPR compliant personal data removal

Nonetheless, there were other factors involved:

“…The specific determination of the amount of the fine, the Berlin Commissioner for Data Protection has used the legal criteria, taking into account both aggravating and mitigating factors. The fact that Deutsche Wohnen SE had deliberately set up the archive structure in question and that the data concerned had been processed in an inadmissible manner over a long period of time…”

We have been talking about the importance of compliant data removal for a while now. However, this is what we continuously observe. The indifference towards certain parts of the compliance process until it is too late, and the fine is issued.

However, it is never too late. Start reading our blogs to get a better understanding of the GDPR compliant data removal orchestration.

Read the blog: GDPR Requirements for Compliant Data Removal

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top