12.07.2019 | KPMG Law Insights

Fine for serious data protection violations

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine for serious data protection violations

“The U.K.’s Information Commissioner’s Office (ICO) intends to take action against U.S. hotel chain Marriott International, Inc. impose a hefty fine of more than GBP 99 million for serious data protection violations. At Mariott, data from more than 339 million guest records worldwide, including approximately 30 million from EU/EEA residents, was exposed as a result of a cyberattack. The data breach apparently occurred at Starwood Hotel Group before it was acquired by Mariott in 2016. The ICO said the size of the fine was justified because the data breach went undetected until 2018 due to poor data protection due diligence on the transaction and continued inadequate data security measures at Mariott. Since the data breach was discovered, Mariott has been cooperating with the ICO; otherwise, the fine would have been even higher. Mariott and the data protection authorities of the other EU member states whose residents are affected by the data breach now have the opportunity to comment on the allegations before the ICO makes its final decision.

The ICO’s actions show that data protection law is also becoming increasingly important in corporate acquisitions. Buyers must therefore not only assess the data protection risks in the target company as part of due diligence. But it is much more important to raise data protection at the target company to an appropriate level (at the latest) when it is integrated into the corporate group.”

Explore #more

12.12.2025 | KPMG Law Insights

Focus offshore: NRW buys extensive tax data on international tax havens

According to recent press reports from December 11, 2025, the state of North Rhine-Westphalia has purchased an extensive data set with tax-relevant information from international…

12.12.2025 | Deal Notifications

KPMG Law advises The Chemours Company on the implementation and closing of a large-volume factoring financing

KPMG Law Rechtsanwaltsgesellschaft GmbH (KPMG Law) advised the US-American Chemours Company on the implementation of a cross-border factoring financing. The legal implementation was managed by…

11.12.2025 | KPMG Law Insights

First omnibus package to relax CSDDD, CSRD and EU taxonomy obligations

Negotiators from the EU Parliament and the Council have now reached an agreement on the outstanding points of the first omnibus package. The content of…

11.12.2025 | KPMG Law Insights

IPCEI-AI: Requirements for funding and evaluation criteria

On December 5, 2025, the Federal Ministry for Economic Affairs and Energy launched the expression of interest procedure for the “IPCEI Artificial Intelligence” (IPCEI-AI) funding…

11.12.2025 | In the media

Interview in TextilWirtschaft – What the relaxed EU supply chain law means for the industry

After weeks of debate, the weakened form of the CSDDD has now been adopted in Brussels. This brings new, complex legal uncertainties for companies, says…

02.12.2025 | KPMG Law Insights

Implementation of the Pay Transparency Directive: what the expert commission recommends

The EU Pay Transparency Directive has been in force since June 2023 and must now be transposed into German law. In the coalition agreement,…

28.11.2025 | In the media

KPMG Law Guest article Expert forum on employment law: Between theory and practice: The EU Blue Card and the right to short-term mobility within the EU

Nowadays, not only employees but also employers want to create more attractive working conditions. For some time now, so-called workstations / work-from-anywhere programs or other…

26.11.2025 | KPMG Law Insights

EU deforestation regulation forces companies to act

Anyone who trades in or uses the raw materials soy, oil palm, cattle, coffee, cocoa, rubber and wood and certain products made from them should…

25.11.2025 | KPMG Law Insights

Special infrastructure assets: how the administration manages to implement projects quickly

The special infrastructure fund creates the opportunity to catch up on years of investment backlog. There is a need for urgency. Defence capability, economic growth…

21.11.2025 | In the media

KPMG Law Interview in Real Estate I Haufe: Substitute building materials: “Secondary is not second class”

The Substitute Building Materials Ordinance is intended to harmonize the circular economy in construction, but legal uncertainty and bureaucracy are holding it back. How can…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.