The General Data Protection Regulation (GDPR) entered into force on 25 May 2018. This European legislation required a great deal of change in the European Union. Companies were confronted with rules concerning the use of personal data and had to make a clear consideration of interests. The use of documents such as the privacy statement and data processing agreement became important. Each Member State also had to establish its own supervisory authority in this area. In the Netherlands this is the Dutch Data Protection Authority. The Dutch Data Protection Authority is responsible for supervising correct compliance with the GDPR in the Netherlands and is handling complaints for this.

The fact that the GDPR has caused a great deal is evident from the fact that in 2018 more than 20,000 complaints about privacy violations were received by the Dutch Data Protection Authority. The Dutch Data Protection Authority is obliged to act on every complaint, if they consider a complaint to be justified, this may result in high fines for the offending company. The Dutch Data Protection Authority has drawn up its own fines policy, it can in any case impose fines of a maximum of € 20,000,000 or 4% of worldwide turnover on an organisation that violates a fundamental obligation. For example, the Uber taxi service was fined € 600,000 for late reporting of a data breach and the Dutch health insurer Menzis received a penalty of € 50,000 for unauthorized access to certain health data. The Dutch National Police also received a penalty of € 40,000 for inadequate protection of personal data.

The fines policy rules of the Dutch Data Protection Authority will expire once the European Data Protection Board has reached an agreement on a fines policy that will apply to the European Union. However, fines for privacy violations are unlikely to go away. All the more reason to meet all obligations as a company. Privacy Assistant makes this as easy and affordable as possible for you.