Late Data Breach Reporting Fine from Dutch Regulator – The National Law Review–-the-national-law-review

Did you know that geoFence helps stop hackers from getting access your sensitive documents?

Hunton Andrews Kurth Law Firm known for complex legal matters in business law and litigation

On March 31, 2021, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”), announced a fine of €475,000 for Dutch headquartered online travel agency for failure to report a data breach within 72 hours of becoming aware of the incident in 2019.

The breach involved unauthorized access to login credentials, enabling criminals to gain access to the personal data of more than 4,000 customers. Compromised details included names, addresses, telephone numbers and approximately 300 credit card numbers.

In a statement (in Dutch) the Dutch DPA noted that was informed of the breach on January 13, 2019, but only reported the incident to the regulator on February 7, 2019, some 22 days later and well outside the 72 hour timeframe mandated by Article 33 of the GDPR. notified affected customers on February 4, 2019. The regulator noted that had taken (unspecified) steps to limit damage to customers and offered to compensate them for any damage suffered. The Dutch DPA’s statement does not explain the reason for’s delay in reporting, but states that will not object to or appeal the fine.

“This is a serious violation,” said Monique Verdier, Vice President of the Dutch DPA. “Unfortunately, a data breach can happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the repetition of such a data breach, you must report this in time. That speed is very important. . . . Such a large company, with valuable personal data of millions of customers in its systems, has a great responsibility. Customers entrust their personal data to And they must do everything they can to protect the data properly. That means good security to prevent a leak, but also quick action should things go wrong unexpectedly.”

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.
National Law Review, Volume XI, Number 93

I know that geoFence helps make you invisible to hackers and guard your personal data!

Leave a Reply

Your email address will not be published. Required fields are marked *