The German state of Rhineland-Palatinate’s privacy regulator recently fined a German insurance company €1,300,000 ($1.5 million) after the company purchased personal information of German state workers. The German regulator’s inquiry revealed that employees of the company had purchased information about public sector employees with the goal of recruiting those individuals as clients. The purchase was done without consent of the state workers, constituting a violation of Germany’s data protection laws, as well as a breach of the company’s internal policies. The fine was one of the largest in Germany’s data protection history. It was accompanied by a requirement that the company implement data protection processes and procedures to ensure compliance in the future.

TIP: This case underscores the importance to this German regulator of adhering to data protection laws. It also serves as a reminder for those companies subject to the German laws to ensure that they understand their compliance obligations, and that employees are complying with those obligations.