The Data Protection Authority concluded that PwC:
- Unlawfully processed the personal data of its employee’s contrary to the provisions of Article 5 (1) (a) of GDPR and used an inappropriate legal basis.
- Processed the personal data of its employees in an unfair and non-transparent manner by giving them the false impression it was processing their data under the legal basis of consent. In reality, the company was processing their data under a different legal basis which they were not informed about.
- Was not able to demonstrate compliance with Article 5 (1) of GDPR and violated the principle of accountability in Article 5 (2) by transferring burden of proof of compliance to employees.
PwC has been given three months to put in place recommended corrective measures that would bring the processing of employee’s personal data in compliance with provisions of GDPR.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.