Berlin e-commerce group fined for DPO conflict of interest Summary The Decision of the DPA* A Berlin-based e-commerce retail group appointed The BlnBDI (DPA) fined the e-commerce retail group a Data Protection Officer (DPO) who also served as 525,000 EUR for the following violation: the managing director of two service companies • Failing to ensure that the tasks assigned to the DPO that processed data on behalf of the controller. The did not result in a conflict of interest (GDPR, Article two service companies were part of the same group 37(6)). and were responsible for customer service and order fulfillment. When imposing the fine, the DPA considered the As part of their legal obligations, the DPO was controller’s high turnover in the previous financial responsible for ensuring compliance with data year, the DPO’s role as the point of contact for both protection laws by the service companies and making employees and customers, and the controller’s managerial decisions within them. deliberate continuation of the violation despite warnings. However, the controller cooperated fully with In 2021, the German DPA issued a warning to the the DPA and stopped the violation during the ongoing controller for violating data protection laws. Despite a fine proceedings, resulting in a reduced overall fine. subsequent inspection, it was found that the violation persisted. *The decision is not yet final. Published: 20-09-2022 Journal number: N/A Tags: 01 Legal basis and principles of processing 52