12.07.2019 | KPMG Law Insights

Fine for serious data protection violations

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine for serious data protection violations

“The U.K.’s Information Commissioner’s Office (ICO) intends to take action against U.S. hotel chain Marriott International, Inc. impose a hefty fine of more than GBP 99 million for serious data protection violations. At Mariott, data from more than 339 million guest records worldwide, including approximately 30 million from EU/EEA residents, was exposed as a result of a cyberattack. The data breach apparently occurred at Starwood Hotel Group before it was acquired by Mariott in 2016. The ICO said the size of the fine was justified because the data breach went undetected until 2018 due to poor data protection due diligence on the transaction and continued inadequate data security measures at Mariott. Since the data breach was discovered, Mariott has been cooperating with the ICO; otherwise, the fine would have been even higher. Mariott and the data protection authorities of the other EU member states whose residents are affected by the data breach now have the opportunity to comment on the allegations before the ICO makes its final decision.

The ICO’s actions show that data protection law is also becoming increasingly important in corporate acquisitions. Buyers must therefore not only assess the data protection risks in the target company as part of due diligence. But it is much more important to raise data protection at the target company to an appropriate level (at the latest) when it is integrated into the corporate group.”

Explore #more

12.01.2026 | In the media

Guest article in Economy and Competition: Earnings calls under (AI) control: New starting point for the Commission’s dawn raids

Public statements made by companies in earnings calls harbor antitrust risks: In such presentations of quarterly or annual results and the subsequent discussion with analysts,…

09.01.2026 | KPMG Law Insights

EmpCo comes into force – answers to the most important practical questions

Environmental statements are becoming increasingly risky for companies. Due to the Empowering Consumers Directive (EmpCo), much stricter rules will soon apply to environmental claims and…

05.01.2026 | In the media

KPMG Law expert in the Börsen-Zeitung on the digital euro

The digital euro is set to arrive by 2029. However, the central bank still has a lot of convincing to do. There is a great…

22.12.2025 | KPMG Law Insights

New EU directive tightens environmental criminal law

Environmental crime will be punished more severely in future. Directive (EU) 2024/1203 on the protection of the environment through criminal law is being transposed into…

19.12.2025 | KPMG Law Insights

Digital Omnibus: More efficiency instead of deregulation

The EU Commission wants to streamline digital laws. On November 19, 2025, it presented its proposals for the “Digital Omnibus” (including a separate AI Omnibus).…

18.12.2025 | Deal Notifications

KPMG Law and KPMG advise the shareholders of Frerk Aggregatebau on the sale to DEUTZ

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) provided comprehensive advice to the shareholders of Frerk Aggregatebau GmbH (Frerk) on the sale…

17.12.2025 | KPMG Law Insights

AI-supported risk checks of NDAs and CoCs: how legal departments benefit

Artificial intelligence can relieve legal departments of routine tasks such as checking non-disclosure agreements (NDAs) or codes of conduct (CoCs). These documents are part of…

16.12.2025 | In the media

Interview with KPMG Law experts: CSDDD after the omnibus: “Toothless tiger” or pragmatic solution?

The agreement on the Omnibus I package is causing discussion. Among other things, the thresholds for the EU Supply Chain Directive (CSDDD) have been significantly…

15.12.2025 | In the media

KPMG Law guest article in Tagesspiegel Background: What the digital omnibus means for companies today

The debate on the digital omnibus has only just begun. Companies should contribute their expertise to the ongoing process and strengthen their internal foundations –…

12.12.2025 | KPMG Law Insights

Focus offshore: NRW buys extensive tax data on international tax havens

According to recent press reports from December 11, 2025, the state of North Rhine-Westphalia has purchased an extensive data set with tax-relevant information from international…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.