26 November, 2014
An amendment to the law on data breaches and the Dutch Data Protection Authority (DPA) reveals that the DPA will be able to issue more and higher fines in the future.
If the amendment is approved by the parliament, the DPA will be authorized to issue more and higher fines to organisations that act in breach with data protection laws. Currently, the organisation can only issue fines if companies or governments omit to notify the DPA that they’re processing data. If the amendment passes the parliament, the DPA will also be allowed to issue fines if data is incorrectly processed, data is stored too long, security measures are insufficient or when data is used for other purposes than they were collected for originally.
At the moment the DPA is allowed to lay down fines with a maximum of €4500,-. If the amendment enters into force, the DPA will be allowed to lay down fines with a maximum of €20.250 for less severe incompliance cases and up to €810.000 for serious breaches of the data protection laws. Before the DPA issues a fine, organisations will receive a warning called a ‘binding indication’. In this situation, the breaching organisation gets some times to make changes in order to be compliant. If an organisation fails to make changes the DPA will issue a fine.
The expansion of the DPA’s authority to issue fines could also have impact on your organisation. Would you like to know more about the risks for your organisation? Please contact our legal experts via email@example.com or via +31 (0)20-7370069.