PWC Business Solutions – €150,000 Fine (Greece, 2019)

€150,000Hellenic Data Protection Authority30 July 2019Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Hellenic Data Protection Authority fined PWC Business Solutions €150,000 for wrongly using consent as a legal basis to process employee data. The company misled employees about the legal grounds for data processing, violating transparency rules. This case underscores the importance of choosing the correct legal basis for data processing and being transparent with employees.

What happened

PWC Business Solutions processed employee data under the wrong legal basis, claiming consent when other legal grounds applied.

Who was affected

Employees of PWC Business Solutions whose personal data was processed under misleading legal grounds.

What the authority found

The HDPA found that PWC misused consent as a legal basis, violating transparency and accountability principles.

Why this matters

This case emphasizes that companies must carefully assess and communicate the legal basis for processing personal data, especially in employment contexts. Misleading employees about data processing grounds can lead to significant fines.

GDPR Articles Cited

AI-verified

Art. 5(1) GDPR
Art. 5(2) GDPR
Art. 6(1) GDPR
Art. 13(1)(c) GDPR
Art. 14(1)(c) GDPR
View original scraped data
Art. 5(1) GDPR
Art. 5(2) GDPR
Art. 6(1) GDPR
Art. 13(1)(c) GDPR
Art. 14(1)(c) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Greece enforcementHellenic Data Protection Authority actionsAll PWC Business Solutions actions
Full Legal Summary
Detailed

The processing of employee personal data was based on consent. The HDPA found that consent as legal basis was inappropriate, as the processing of personal data was intended to carry out acts directly linked to the performance of employment contracts, compliance with a legal obligation to which the controller is subject and the smooth and effective operation of the company, as its legitimate interest. In addition, the company gave employees the false impression that it was processing their personal data under the legal basis of consent, while in reality it was processing their data under a different legal basis. This was in violation of the principle of transparency and thus in breach of the obligation to provide information under Articles 13(1)(c) and 14(1)(c) of the GDPR. Lastly, in violation of the accountability principle, the company failed to provide the HDPA with evidence that it had carried out a prior assessment of the appropriate legal bases for processing employee personal data

Related Enforcement Actions (0)

No other enforcement actions found for PWC Business Solutions in GR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

30 July 2019

Authority

Hellenic Data Protection Authority

Fine Amount

€150,000

Enforcement Tracker ID

ETid-65

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. PWC Business Solutions - Greece (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: