REWE International $9M GDPR fine a lesson in managing subsidiary risk
By 
Neil Hodge2022-01-25T19:24:00
A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
ArticleGDPR enforcement roundup: Austrian Post facing new record fine
The Austrian Post is once again appealing what would be a record GDPR fine in the country after successfully defending itself in the first instance. Other recent decisions under the law provide further enforcement trends.
-
ArticleTrio of U.K. fines expose third-party risks under GDPR
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
-
Article
In second drastic reduction, ICO fines Marriott $23.8M
The Marriott GDPR fine handed down by the U.K. Information Commissioner’s Office is less than 20 percent of the original number the regulator proposed, the second time this month such a drastic reduction has taken place.
More from Regulatory Enforcement
-
ArticleDOJ makes good on corporate-friendly enforcement policy with Balt resolution
The ink was barely dry on the U.S. Department of Justice’s new corporate enforcement policy (CEP) when the agency announced it would not prosecute Balt SAS for alleged bribery violations.
-
ArticleBoA settles class-action related to its dealings with Jeffrey Epstein
Bank of America has agreed to settle a class-action lawsuit alleging know-your-customer and other failings in its dealings with convicted sex offender Jeffrey Epstein.
-
News BriefSEC’s Uyeda: ‘Enforcement is the wrong way’ to handle off-channel communications
The U.S. Securities and Exchange Commission’s Mark Uyeda told an audience of investment advisers that the SEC will no longer prioritize stand-alone enforcement actions for violations of the SEC’s rules on off-channel communications.