Dutch DPA Releases 2019 Annual Report
Time 2 Minute Read
Categories: European Union, International

On July 1, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) published its 2019 annual report (the “Report”). The Report shows that in 2019, the Dutch DPA focused on enforcement actions, after having raised awareness about the EU General Data Protection Regulation (the “GDPR”) in 2018. Below are key findings from the Report.

In 2019, the Dutch DPA:

  • Received 26,956 data breach notifications, compared to 20,881 in 2018.
  • Received 27,854 complaints, including 959 international complaints. According to the Dutch DPA, the number of complaints shows how important privacy has become for individuals. This is confirmed by research commissioned by the Dutch DPA in early 2019 showing that no less than 94% of Dutch individuals are concerned about the protection of their personal data.
  • Intervened in 2,082 cases, including 2,017 cases relating to data breaches and complaints. This is twice as many as 2018.
  • Conducted 110 investigations, compared to 20 in 2018, and completed 59 of them. In 24 of the 59 completed investigations, the Dutch DPA found infringements.
  • Imposed fines four times, for a total amount of more than 2.5 million euros. The infringements sanctioned by the Dutch DPA concerned access to medical records, unlawful sale of personal data, unlawful processing of biometric data and non-compliance with individuals’ access rights.
  • Imposed seven corrective measures, including penalty payment orders and reprimands.
  • Advised on 105 draft laws, including laws on credit registration, preventive debt assistance and partnerships, compared to 82 in 2018.
  • Received 6,940 requests for information, compared to 21,395 in 2018.

Read the press release and the full report (available in Dutch).

Tags: Data Protection Authority, GDPR, Netherlands, Personal Data
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page