The Netherlands DPA confirms its GDPR fining policy


The Netherlands’ Data Protection Authority has published its GDPR fining policy which divides breaches into four categories according to their severity. The overlapping categories are:

1. up to 200,000 euros
2. 120,000 to 500,000 euros
3. 300,000 to 750,000 euros
4. 450,000  to 1 million euros.

A higher fine than 1 million euros is, of course, possible if the circumstances so require. It remains to be seen what the other DPAs will do, as the European Data Protection Board aims at consistency.

The fining structure is described here in Dutch.


If you would like to comment on this article, please login or register.


Tag cloud