Back to Cases
technologyReal Estate · 2019
Deutsche Wohnen SE
The Berlin Commissioner for Data Protection (BlnBDI) fined real estate company Deutsche Wohnen SE €14.5 million for using an archiving system for tenant personal data — including proof of income, employment history, tax documents, health insurance details, and bank account information — that had no provision for deleting documents no longer required, violating GDPR Arts. 5(1)(e) and 25. The case generated significant EU legal debate: the Berlin Court of Appeal partially annulled the fine in 2021 on grounds that individual organisational fault must be proven, and the Bundesgerichtshof subsequently referred questions on corporate GDPR liability to the ECJ.
Fine Imposed€14.5M
Authority
BERLIN-DPA-DE
Regulation
Bundesdatenschutzgesetz (Federal Data Protection Act 2018)
Max fineGDPR maxima apply (€20M / 4% global turnover); BDSG §43 adds up to €300,000 for certain specific violations
Statusactive
Key Takeaways
- GDPR storage-limitation requires document management systems to include automated deletion workflows for personal data — organisations cannot retain tenant or customer documents indefinitely without a continuing lawful purpose, and this case became foundational EU precedent on corporate GDPR liability standards.