ImageQuest, data graveyard, GDPR

A publicly-traded German real estate company faces multi-million euro fines under Europe’s General Data Protection Regulation (GDPR) for retaining data “longer than necessary” on its tenants.

Deutsche Wohnen is a Berlin-based property management company with a large portfolio of commercial, residential, nursing and assisted living units. In 2017, an audit of Deutche Wohnen’s data management policies flagged its “data graveyard” as out of compliance with GDPR.

Although Deutsche Wohnen took some steps to bring its data into GDPR compliance, authorities found two years later that the company continued to hold tenants’ personal data “longer than necessary.” Deutsche Wohnen now faces Germany’s largest GDPR fine to date, €14.5 million (US $15.95 million.)

The company plans to appeal.

While this is taking place in Germany and not the U.S., we urge you to think about what “data graveyard” your organization may have. Many breaches reported in the media involve old data or information stored on old systems.

You may not be face a data-retention regulation in your state today, but already several US states have looked at GDPR and enacted similar protections. For example, if you have California customers, they will have similar rights to having their data removed from your ‘graveyard’ starting next year.

Don’t risk fines and lawsuits. Talk with us today to learn more about our Risk Assessment services and other data management offerings!