A property Firm faces £12m Fine For Data Breach
Data Privacy | Seers BlogDecember 5, 2019 |Data Privacy
Recently, a lack of adequate data protection measures has resulted in a data breach.
A property company in Berlin has received a penalty of £12.4m for breaching data privacy regulations.
Now, the noose has tightened for UK real estate along with their agents.
A German company, Deutsche Wohnen, said that they had made a huge mistake by using a software system that didn’t automatically remove obsolete information.
This minor blunder has made their tenant data vulnerable and eventually fined for a breach.
Seemingly, it is the first and the largest GDPR fine enforced for data retention activities on a property company.
To shake up British agents, a lawyer has warned them to take steps with extreme care.
Otherwise, under the data protection law, if they stand accused the consequences will be worse.
The fine could have been much more than the current figure, such as €20m or 4% of global turnover. But, there was no misuse of actual data except a breach of admin obligations GDPR.
The effects of General Data Protection Regulation
The General Data Protection Regulation applies to every country that comes under EU territory. It came into effect on May 25, 2018, and will keep on applying in the UK after the Brexit.
The Data Protection Regulator of Berlin’s has sent a penalty notice to the Deutsche Wohnen over its archiving storage of tenants’ personal data.
Deutsche Wohnen breached its legal obligations by keeping personal data for longer than required.
The property firm is understood to be appealing to the notice.
The total figure of the penalty could have gone higher to millions of pounds. But, Deutsche Wohnen’s cooperation while the situation was under investigation and to address its failure put them in good standing with the regulator.
Nevertheless, the factor which aggravated the situation was a significant amount of time that the firm took over for processing the personal data.
Everyone, including the UK’s Information Commission and other data protection regulators, will be looking forward to the results of this investigation.
Emily Dorothea, an associate at UK law firm Mishcon de Reya. She said: “This case also serves a reminder to property companies to review regularly the personal data. The data which they store and delete or anonymise any data which no longer required.
“Removal of unnecessary personal data also reduces their exposure to data leaks or security breaches.”
She adds: “However, where companies can reasonably justify retaining personal data, for example, for tax record purposes, this will arguably provide a basis to continue holding on to the data.”