Add to My interests
25 May '21
Nina Witt, Lars Boer,
3 years of the GDPR: an overview of the fines imposed by the Dutch Data Protection Authority to date Including relevant case law on the commercial interest and processing of personal data outside the EEA
Three years after the GDPR entered into force (as of 28-05-2018), we thought it would be nice to look back. The Dutch Data Protection Authority ("Autoriteit Persoonsgegevens ("AP")") has been on a roll imposing fines for breaches of the GDPR. Recently, various parties, such as the OLVG, Booking.com, the municipality of Enschede, PVV Overijssel, LocateFamily.com and CP&A have been fined and the fines are rising. In addition, we are seeing more and more legal proceedings regarding the GDPR.
The fines have been imposed for various reasons. Therefore we felt it was time for an overview. And more important, an overview of the preliminary conclusions that we can draw from the fines to date. In addition to providing an overview of the fines imposed to date, we will also focus on two recent developments in the field of marketing and privacy and the processing of personal data by entities outside the EU (or more precisely: the EEA).
Despite its early days, the GDPR has given us much food for thought over the past three years. The AP will probably make itself heard more often and we now also know that it can be worthwhile to act against a fine imposed. So far, it can be concluded that much importance is attached to taking appropriate security measures, such as two-factor authentication, logging and checking these, but also, for example, to appropriate agreements in (employment) contracts. Moreover, data subjects must be able to exercise their rights under the GDPR without raising barriers and data breaches must be reported in a timely manner.
Be careful when processing special personal data (e.g., of employees), do not process more personal data than necessary and act regarding data processing outside the EU (EEA). The transfer of personal data to third countries will (continue to) require the necessary attention in the coming period. More generally, we expect that the function of the GDPR - and thereby the enforcement of the AP and interpretation of certain standards by the courts - will only become more decisive in the coming years. Therefore, three years down the line, take a fresh look at your processing register, privacy policies, security measures (including their enforcement) and your agreements regarding the processing of personal data.
Do you need help reviewing your policy documents or have other questions about the processing of personal data? Please contact Nina Witt (email@example.com) or email firstname.lastname@example.org and we will get back to you as soon as possible.
Attorney at law
IT-Law,Privacy law,Intellectual property rights,Cybersecurity ,
Food,Health Care & Life Sciences,
IT-Law,Privacy law,Procurement law,Cybersecurity ,
Technology, media and telecom,
Would you like to place a comment to this article? Login or create a My Ploum account to post comments
07 Sep 22
22 Aug 22
28 Jun 22
23 Jun 22
22 Jun 22
07 Jun 22
17 May 22
16 May 22
03 May 22
15 Apr 22
12 Apr 22
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.
Get all your tailored information with a My Ploum account. Arranged within a minute.
*This field is required
Follow what you find interesting
Receive recommendations based on your interests
Quick registration for knowledge events and Ploum Academy
Post comments on articles
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.