Jowanna Conboye discusses implications of European data breach case with Compliance WeekPosted: 28 Jan 2022
A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
Compliance Week analyses the case, and Jowanna Conboye, Data Protection and Intellectual Property Partner explains:
“The principles of this case are very pertinent to many businesses in the UK and EU, particularly those with group structures. When it comes to liability and fines the GDPR looks at ‘undertakings’ – an established principle enshrined in competition law that looks at finances and control, and often ignores the distinction between different group companies. It will therefore be very hard for a parent company like REWE to argue that it is not liable for GDPR breaches by a subsidiary company.”
Article written by:
Jowanna Conboye is a Partner Solicitor at Spencer West. She specialises in Intellectual property, trade marks, patents, licencing; information technology, software development, licence agreements, outsourcing, commercial contracts, B2B, B2C, online sales, GDPR, data sharing agreements, processor/controller agreements.
Partner - Intellectual Property; Technology; Commercial
Henry Clarke writes about the benefits of taking an entrepreneurial approach to law in Law Society Gazette
With a varied career in law, starting out at a ‘Magic Circle’ firm, holding legal staff roles within the British Army and...
The Everything Summary of Shareholder Disputes – Something to Keep Up Your Sleeve?
I have been advising companies and shareholders in relation to shareholder disputes for over twenty years, and in that time, I...