Search
Contact
12.07.2019 | KPMG Law Insights

Fine for serious data protection violations

Fine for serious data protection violations

“The U.K.’s Information Commissioner’s Office (ICO) intends to take action against U.S. hotel chain Marriott International, Inc. impose a hefty fine of more than GBP 99 million for serious data protection violations. At Mariott, data from more than 339 million guest records worldwide, including approximately 30 million from EU/EEA residents, was exposed as a result of a cyberattack. The data breach apparently occurred at Starwood Hotel Group before it was acquired by Mariott in 2016. The ICO said the size of the fine was justified because the data breach went undetected until 2018 due to poor data protection due diligence on the transaction and continued inadequate data security measures at Mariott. Since the data breach was discovered, Mariott has been cooperating with the ICO; otherwise, the fine would have been even higher. Mariott and the data protection authorities of the other EU member states whose residents are affected by the data breach now have the opportunity to comment on the allegations before the ICO makes its final decision.

The ICO’s actions show that data protection law is also becoming increasingly important in corporate acquisitions. Buyers must therefore not only assess the data protection risks in the target company as part of due diligence. But it is much more important to raise data protection at the target company to an appropriate level (at the latest) when it is integrated into the corporate group.”

Explore #more

10.07.2026 | KPMG Law Insights

New Packaging Implementation Act tightens obligations for companies

  Co-author: Séverine Sieprath, Director of Audit, KPMG AG Wirtschaftsprüfungsgesellschaft   The Packaging Implementation Act (VerpackDG),…

09.07.2026 | In the media

Op-Ed in *Versicherungsmagazin*: D&O Insurance—A Legal Safety Net in Turbulent Times

Liability risks for executives are increasing significantly: New regulatory requirements such as NIS-2, CSRD, and the Supply Chain Act are expanding the responsibilities of managing

02.07.2026 | KPMG Law Insights

Registered mail with return receipt no longer provides proof of delivery—here are some alternatives

Registered mail with return receipt, when used as part of electronic documentation, no longer constitutes prima facie evidence of a…

02.07.2026 | Deal Notifications

KPMG Law advises the Prinzhorn Group on the acquisition of Stora Enso’s German facilities

KPMG Law has advised Mosburger GmbH, a subsidiary of Dunapack Packaging and part of the Austrian Prinzhorn Group, on the acquisition of Stora Enso’s German…

02.07.2026 | In the media

KPMG Law Interview in Focus Business: EmpCo Is Coming: Sustainability Marketing Becomes a Top Priority

Stricter EU rules set clearer boundaries for climate pledges and social claims. KPMG Law expert Manuela Meyer explains which claims must be verified and how…

29.06.2026 | KPMG Law Insights

Embedding Digital Sovereignty in the Enterprise – Legal Requirements for IT Systems

Digital sovereignty is an important strategic success factor, and many measures are also required by law. Through legislation such as the Data Act, NIS-2, the…

25.06.2026 | In the media

KPMG Law Interview in fvw I Traveltalk: Upcoming EU Package Travel Directive — “For the industry, the real work is just beginning”

After more than two and a half years, the legislative process, including publication, was recently completed. Now the deadline for tour operators and travel agencies…

24.06.2026 | Deal Notifications

KPMG Law advised the shareholders of Zimmermann PV-Steel Group on the sale to Nextpower

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised the shareholders of Zimmermann PV-Steel Group (Zimmermann) on the sale of the company to Nextpower™ (Nasdaq: NXT), a…

23.06.2026 | KPMG Law Insights

Germany is modernizing its arbitration law

On June 10, 2026, the Federal Government presented a draft of the “Act on the Modernization of Arbitration Law.” Its aim is to adapt the…

18.06.2026 | In the media

KPMG Law Guest Article in *Innovative Administration*: Protection in Turbulent Times

Board members of municipal enterprises face personal, unlimited liability, which is further exacerbated by the unique characteristics of the public sector. D&O insurance protects their…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll