12.07.2019 | KPMG Law Insights

Fine for serious data protection violations

By Sebastian Hoegl, LL.M. (Wellington), Maik Ringel

Fine for serious data protection violations

“The U.K.’s Information Commissioner’s Office (ICO) intends to take action against U.S. hotel chain Marriott International, Inc. impose a hefty fine of more than GBP 99 million for serious data protection violations. At Mariott, data from more than 339 million guest records worldwide, including approximately 30 million from EU/EEA residents, was exposed as a result of a cyberattack. The data breach apparently occurred at Starwood Hotel Group before it was acquired by Mariott in 2016. The ICO said the size of the fine was justified because the data breach went undetected until 2018 due to poor data protection due diligence on the transaction and continued inadequate data security measures at Mariott. Since the data breach was discovered, Mariott has been cooperating with the ICO; otherwise, the fine would have been even higher. Mariott and the data protection authorities of the other EU member states whose residents are affected by the data breach now have the opportunity to comment on the allegations before the ICO makes its final decision.

The ICO’s actions show that data protection law is also becoming increasingly important in corporate acquisitions. Buyers must therefore not only assess the data protection risks in the target company as part of due diligence. But it is much more important to raise data protection at the target company to an appropriate level (at the latest) when it is integrated into the corporate group.”

Explore #more

09.03.2026 | KPMG Law Insights

MiCAR and whitepaper obligations – what the transitional regulations mean

The Markets in Crypto-Assets Regulation (MiCAR) has been in force for just over a year. Among other things, MiCAR obliges issuers and providers of crypto…

09.03.2026 | In the media

Guest article in Private Banking Magazine: What tokenized banknotes mean in day-to-day treasury operations

The future of payment transactions will be shaped not by new currencies, but by new processing models. A practical report by Marc Pussar (KPMG Law),…

06.03.2026 | In the media

Guest article in smartlegalmarket: Trends for legal departments in 2026 & 2027

KPMG Law has been surveying international legal departments on their challenges for more than ten years. The “Right to Progress” report is now regarded as…

06.03.2026 | KPMG Law Insights

Carve-out: The biggest risks and how the legal workstream avoids them

A carve-out does not usually fail due to a lack of ideas. And not due to a lack of buyers. Nor do they usually fail…

04.03.2026 | In the media

KPMG Law expert with statement in dpn magazine on the Location Promotion Act

Shortly after coming into force, the Location Promotion Act is apparently already having a noticeable effect on the investment plans of institutional market participants. In…

25.02.2026 | Deal Notifications

KPMG Law and KPMG advised Senstar on the acquisition of Blickfeld

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised Senstar group (Senstar) on the acquisition of all shares in Blickfeld GmbH (Blickfeld).…

20.02.2026 | KPMG Law Insights, Legal Financial Services

Consumer Credit Directive (CCD II) tightens rules for the banking industry

The revised Consumer Credit Directive fundamentally reorganizes the consumer credit business. From November 20, 2026, an extended scope of application and significantly stricter requirements will…

20.02.2026 | In the media

Guest article in PERSONALFÜHRUNG: Between tradition and transformation – HR in SMEs

The German SME sector is an exciting learning field for other organizations. Its structural characteristics not only shape the way decisions are made, but also…

19.02.2026 | Deal Notifications

KPMG Law advises DKB Finance and DKB Kreditbank on the sale of FMP Forderungsmanagement Potsdam to LOANCOS

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided comprehensive legal advice to DKB Finance GmbH and DKB Kreditbank AG on the sale of FMP Forderungsmanagement Potsdam…

17.02.2026 | KPMG Law Insights

Establishing complaint management – guidelines for companies and administration

Complaints are great. They show unvarnishedly where processes, communication or services are not working. And even if they initially seem stressful for everyone involved, those…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2026 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.