12.07.2019 | KPMG Law Insights

Fine for serious data protection violations

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine for serious data protection violations

“The U.K.’s Information Commissioner’s Office (ICO) intends to take action against U.S. hotel chain Marriott International, Inc. impose a hefty fine of more than GBP 99 million for serious data protection violations. At Mariott, data from more than 339 million guest records worldwide, including approximately 30 million from EU/EEA residents, was exposed as a result of a cyberattack. The data breach apparently occurred at Starwood Hotel Group before it was acquired by Mariott in 2016. The ICO said the size of the fine was justified because the data breach went undetected until 2018 due to poor data protection due diligence on the transaction and continued inadequate data security measures at Mariott. Since the data breach was discovered, Mariott has been cooperating with the ICO; otherwise, the fine would have been even higher. Mariott and the data protection authorities of the other EU member states whose residents are affected by the data breach now have the opportunity to comment on the allegations before the ICO makes its final decision.

The ICO’s actions show that data protection law is also becoming increasingly important in corporate acquisitions. Buyers must therefore not only assess the data protection risks in the target company as part of due diligence. But it is much more important to raise data protection at the target company to an appropriate level (at the latest) when it is integrated into the corporate group.”

Explore #more

23.03.2026 | Deal Notifications

KPMG Law, KPMG Law AT as well as KPMG in Germany and KPMG in Austria advise GOLDBECK GmbH on the acquisition of 50 percent of the shares in ZAUNERGROUP Holding GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and Buchberger Ettmayer Rechtsanwälte GmbH (KPMG Law AT) as well as KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG in Germany) and KPMG…

19.03.2026 | KPMG Law Insights

Business Judgement Rule in the use of AI: how governing bodies are liable for decisions

If an AI provides the basis for business decisions, the people responsible are liable, not the machine. This makes the use of artificial intelligence risky…

16.03.2026 | KPMG Law Insights

KPIs in the legal department: How legal becomes strategically effective through control, transparency and data analysis

Today, legal departments are facing a strategic turning point: they must reliably hedge risks, but at the same time enable speed, control costs and make…

13.03.2026 | KPMG Law Insights

Commercial courts: when they are worthwhile for companies – and when they are not

Large commercial disputes are given courts specially tailored to their needs: the Commercial Courts. The German legislator introduced it with the Act to Strengthen the …

10.03.2026 | Deal Notifications

KPMG Law advises on the sale of Krasemann Hausverwaltung to Buena

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided legal advice to the KRASEMANN family on the sale of KRASEMANN Immobilien- & Gebäudeservice GmbH (KIGS) and KRASEMANN…

09.03.2026 | KPMG Law Insights

MiCAR and whitepaper obligations – what the transitional regulations mean

The Markets in Crypto-Assets Regulation (MiCAR) has been in force for just over a year. Among other things, MiCAR obliges issuers and providers of crypto…

09.03.2026 | In the media

Guest article in Private Banking Magazine: What tokenized banknotes mean in day-to-day treasury operations

The future of payment transactions will be shaped not by new currencies, but by new processing models. A practical report by Marc Pussar (KPMG Law),…

06.03.2026 | In the media

Guest article in smartlegalmarket: Trends for legal departments in 2026 & 2027

KPMG Law has been surveying international legal departments on their challenges for more than ten years. The “Right to Progress” report is now regarded as…

06.03.2026 | KPMG Law Insights

Carve-out: The biggest risks and how the legal workstream avoids them

A carve-out does not usually fail due to a lack of ideas. And not due to a lack of buyers. Nor do they usually fail…

04.03.2026 | In the media

KPMG Law expert with statement in dpn magazine on the Location Promotion Act

Shortly after coming into force, the Location Promotion Act is apparently already having a noticeable effect on the investment plans of institutional market participants. In…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.