Privacy Matters

DLA Piper's Global Privacy and Data Protection Resource

Autoriteit Persoonsgegevens

NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial

28 July 2022 / , , ,

On 27 July 2022, the highest administrative court in the Netherlands, published its highly anticipated judgment involving the Dutch Data Protection Authority’s assessment of “legitimate interest” under Article 6(1)(f) GDPR. It was expected that the court would provide some clarification on whether “purely commercial interests” can qualify as legitimate interests within the meaning of Article …

NETHERLANDS: Highest court side-steps determining whether legitimate interests may be purely commercial Read More »

The Netherlands: 440,000 EUR fine for hospital re. unauthorised access to medical records

12 February 2021 / , , , ,

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam  hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch DPA conducted an investigation, and carried out an audit of …

The Netherlands: 440,000 EUR fine for hospital re. unauthorised access to medical records Read More »

The Netherlands: DPA imposes EUR 830,00 fine for access request fees

12 October 2020 / , , , ,

On the 6th of July 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR). BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. Companies like financial institutions …

The Netherlands: DPA imposes EUR 830,00 fine for access request fees Read More »

The Netherlands: DPA changes position – taking temperature might not be subject to GDPR

15 May 2020 / , ,

Since the COVID-19 outbreak, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) had made it clear, on several occasions, that taking temperature tests (or otherwise processing health data) as a precautionary measure in light of COVID-19 is a strict “no go”. The position of the Dutch DPA was that most individuals, in particular employees …

The Netherlands: DPA changes position – taking temperature might not be subject to GDPR Read More »

The Netherlands: Fine imposed on employer processing fingerprints of employees

1 May 2020 / , , , ,

By Stephanie Reinders Folmer and Richard van Schaik The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA“) issued a fine of EUR 725,000 for a company unlawfully processing fingerprints of its employees for attendance and time registration purposes. Under the GDPR, biometric data (e.g. fingerprints) processed for the purpose of identifying a natural person are considered a …

The Netherlands: Fine imposed on employer processing fingerprints of employees Read More »

29 January 2019 / , , , ,

NETHERLANDS: Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018. In comparison to 2017, the amount of data breach notifications has (more than) doubled. The largest amount …

Read More »

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs

20 January 2019 / , , , ,

The Dutch Supervisory Authority (Autoriteit Persoonsgegevens, “AP”) recently communicated a press release stating that it reached out to 30 organizations to request information relating to their data processing agreements (DPAs).  Organizations that have been contacted are companies in the media, energy and trade sectors. The AP has requested, among other things, what agreements organizations have …

THE NETHERLANDS: Dutch SA initiates exploratory investigation into DPAs Read More »

THE NETHERLANDS: DPA published phased plan to prepare for GDPR

30 August 2017 / , ,

By Richard van Schaik and Róbin de Wit Last week, the Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) published a step-by-step plan for organiations to prepare for the upcoming GDPR. The plan, consisting of 10 steps, reads as follows.   Awareness As a first step, key players within the organization (e.g. policymakers) need to …

THE NETHERLANDS: DPA published phased plan to prepare for GDPR Read More »

THE NETHERLANDS: new chairman DPA announces fines

30 August 2017 / , ,

By Richard van Schaik and Róbin de Wit Last week, the chairman of the Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”), Aleid Wolfsen, announced that several investigations around data breaches are pending and that the first serious fine is just a matter of time. Mr. Wolfsen is optimistic about the impact of the upcoming …

THE NETHERLANDS: new chairman DPA announces fines Read More »

Resources:

Linkedin-in Twitter Facebook-f Instagram Youtube Weixin
© 2023 DLA Piper. DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper’s structure, please refer to the Legal Notices page. All rights reserved. Attorney advertising.​