You are here:
22 November 2018 / news

Dutch DPA checks on appointment of mandatory DPOs

After a check in the healthcare sector this summer, the Dutch Data Protection Authority (DDPA) is now continuing to carry out random checks on organizations to assess their level of compliance with the General Data Protection Regulation (GDPR). This time around, the DDPA carried out a check on 45 banks and 93 insurers to determine their level of compliance with regards to the appointment and registration of the (mandatory) data protection officer (DPO).

What is the impact of automatic information exchange under the MLI (TIEAs)

Of the checked companies 6 banks and 9 insurers had not yet registered the DPO with the DDPA. They were granted a period of 2 weeks to comply with the registration obligation.

To the banks and insurers that did not have DPOs appointed at all, a 4 week period was granted during which the appointment and registration of their DPO should be completed.

In addition, the checks also showed that 7 banks and 14 insurers did not comply with the requirement of providing the DPO’s direct contact details, for instance on the website or in the privacy notice. In that respect, the DDPA granted the companies concerned a two weeks period to update the contact details.

The DDPA emphasized that everybody should be able to contact a DPO directly and confidentially on privacy and data protection issues without them having to go through another person.

This aligns with the DDPA’s view as published on its website that seeing how banks and insurers process large amounts of personal data of their clients, such as identification data, financial data, transaction data and medical data, DPOs of such companies have a very important role in the protection of personal data and the organization’s compliance with the relevant data protection legislation.

Contact

For more information on data protection and compliance in the financial sector please contact Nina Orlić or Merel van Asch.



Class actions for breaches of the GDPR

Since the GDPR entered into force, there has been ample attention for regulatory enforcement and high fines. read more
Belgian Data Protection Authority scrutinised by Brussels Markets Court

Belgian Data Protection Authority scrutinised by Brussels Markets Court

In February 2020, the Markets Court (a division of Brussels’ Court of Appeal) annulled the decision by which the Belgian Data Protection Authority (BDPA) had... read more
Belgian DPA releases recipe for compliant cookies

Belgian Data Protection Authority releases recipe for compliant cookies

During these corona times, we have noticed a trend whereby many of us have started baking (cookies, cakes, and other delicious treats). It now appears that the... read more