You are here:
15 January 2019 / article

The DDPA follows up on previously carried out checks regarding GDPR compliance

In November 2018, the Dutch Data Protection Authority (DDPA) randomly investigated whether banks and insurers complied with their obligation to appoint and register a data protection officer.

Belgian Fairness Tax partially violates EU law

(please see our previous blog on this topic of 22 November 2018).

The outcome of this investigation of 45 banks and 93 insurers was that 6 banks and 9 insurers had not yet registered their DPO with the DPPA and that 7 banks and 14 insurers did not comply with the requirement of making available the direct contact details of their DPO. Further hetero, the DDPA granted these companies an additional period to meet their obligations.

The DDPA has followed up on this and has verified whether these companies are compliant by now. On 14 January 2019, the DDPA published an update on its website stating that all checked insurers and banks had implemented the required changes and now do comply with the aforementioned obligations.

Since the GDPR entered into force on 25 May 2018, the DDPA has shown quite active in carrying out such (random) checks at various organizations in different sectors to monitor the level of compliance of different important requirements of GDPR.

Recent activities of the DDPA inter alia included investigations (on a random basis) on compliance with the obligation to maintain a register of record of data processing activities, the compliance level of privacy statements used by healthcare institutions and political parties and the (compulsory) appointment and registration of data protection officers by public organizations, hospitals and health care insurers.

We expect that the DDPA will in 2019 continue to carry out similar random checks to investigate the GDPR compliance level of organizations (in all types of industries and sectors) in the Netherlands. The DDPA has shown that non-compliance is not without any consequences and that it will follow up on identified issues.


For more information please contact Nina Orlić or Céline van Waesberge.

Supervision of AI and algorithmic processing of personal data

Dutch Data Protection Authority publishes vision document on supervision of AI and algorithmic processing of personal data. read more
World Data Privacy Day – What can we expect from the Belgian Data Protection Authority in 2020?

World Data Privacy Day – What can we expect from the Belgian Data Protection Authority in 2020?

28 January is World Data Privacy Day in the US, in Canada and in 47 European countries. Since 2007, this day is dedicated to raising awareness about the importance... read more
Mobile phone and colours - digital initiative

Digital initiative in the medical world

Digital Health Network, created in September 2019, aims at developing a tool bringing digitalisation to the Luxembourg healthcare industry. read more