Large data protection fines now a reality!

By Debbie Evans, Legal & Commercial Director

Dutch Data Protection Act

The European reforms to the data protection rules, which are still to be agreed, may result in large fines being imposed for data protection breaches: the greater of 5% of a company's annual worldwide turnover or €100 million.

However, the Dutch are leading the way following their adoption in May 2015 of changes to their data protection law. The Dutch Senate adopted a Data Breach Notifications bill, which amends the Dutch Data Protection Act and the Telecommunications Act. The impact of the changes is the authorities' right to impose fines of up to €810,000 or 10% of a company's annual turnover per violation.

The Dutch changes should be in force from January 2016 and will put additional pressure on Dutch-connected companies to review their data protection notification and compliance measures. The key requirement of the change is that companies must immediately notify the Dutch Data Protection Authority where a security breach has, or is likely to have, a serious adverse effect on personal data protection.

The severity of the fines imposed is to be assessed against:

  • Nature and scope of data breaches;
  • Nature of breached personal data;
  • The extent of existing technical measures; and
  • Consequence to affected individuals’ privacy.

Time is ticking for the other European countries too - are you ready?