On July 1, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) published its 2019 annual report (the “Report”). The Report shows that in 2019, the Dutch DPA focused on enforcement actions, after having raised awareness about the EU General Data Protection Regulation (the “GDPR”) in 2018. Below are key findings from the Report.

In 2019, the Dutch DPA:

  • Received 26,956 data breach notifications, compared to 20,881 in 2018.
  • Received 27,854 complaints, including 959 international complaints. According to the Dutch DPA, the number of complaints shows how important privacy has become for individuals. This is confirmed by research commissioned by the Dutch DPA in early 2019 showing that no less than 94% of Dutch individuals are concerned about the protection of their personal data.
  • Intervened in 2,082 cases, including 2,017 cases relating to data breaches and complaints. This is twice as many as 2018.
  • Conducted 110 investigations, compared to 20 in 2018, and completed 59 of them. In 24 of the 59 completed investigations, the Dutch DPA found infringements.
  • Imposed fines four times, for a total amount of more than 2.5 million euros. The infringements sanctioned by the Dutch DPA concerned access to medical records, unlawful sale of personal data, unlawful processing of biometric data and non-compliance with individuals’ access rights.
  • Imposed seven corrective measures, including penalty payment orders and reprimands.
  • Advised on 105 draft laws, including laws on credit registration, preventive debt assistance and partnerships, compared to 82 in 2018.
  • Received 6,940 requests for information, compared to 21,395 in 2018.

Read the press release and the full report (available in Dutch).