Privacy watchdog is really going to impose fines for data leaks
The Dutch Personal Data Authority confirmed last week that it is really going to use its power to impose fines. A large amount of data leaks have been found since the implementation of the new Personal Data Protection Act. With this announcement to impose fines the privacy watchdog is showing its teeth.
More than 4,000 reports of data leaks
Since the implementation of the data leaks notification requirement at the beginning of this year, 172 of the 390 Dutch municipalities have reported a data leak to the Dutch Authority Personal Data, and more than 4,000 reports were filed. The Authority has conducted dozens of investigations into data leaks that were reported under the new data leaks notification requirement in the past 9 months. The recently appointed chairman, Aleid Wolfsen, indicates that there is a series of leaks where companies failed to protect data. Fines will probably be imposed for this.
Two companies were recently reprimanded after it turned out that it had installed WiFi trackers in a public space. WiFi trackers record, unrequested, who walks past it based on unique MAC addresses of smart phones and other electronic devices with a WiFi chip.
Considerable damage with data leak
Customers expect that you diligently protect company and personal data they entrusted you with. But is that also the case? You send emails, use the internet and do online banking. In addition, you have a website, and maybe you are also active on social media. Despite measures, such as installing a virus scanner or establishing rules for safe internet use, your company (small or big) can become the victim of fraud, data leaks, identity theft, and hacking. This can seriously damage your company reputation and lead to considerable financial damages.
Amendment Personal Data Protection Act
The Dutch legislator amended the Dutch Personal Data Protection Act as of January 1, 2016. Companies and government institutions are now obligated to report big and small data leaks, and if there is an insufficient level of data protection, the Dutch Personal Data Authority can decide to impose a fine. Since January 1, 2016 it is entitled to impose fines on companies up to an amount of €820,000, or 10% of the annual sales worldwide.
Do you regularly deal with personal data and do you want to know if your organization complies with the new obligations under the changed law and effective regulation? Do you want to know what your organization can do to prevent cybercrime? Then you should contact Fruytier Lawyers in Business. We will gladly advise you.