Data breach notification obligation and increased fines for privacy violations in The Netherlands


On May 26, 2015, the Eerste Kamer (First Chamber), aka the Dutch Senate, passed into law a draft bill that had been approved by the Tweete Kamer (Second Chamber), aka House of Representatives, in March (text available in Dutch here).

The Law introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach. After broadening the DPA’s investigative powers, the law imposes significantly higher fines for a wide range of privacy violations. Fines to data processors may be up to 10% of their net annual global revenues, capped at €810,000.

The law still needs a Royal Decree to enter into force.

For references see the following links:

Follow us on& Like us on