You are here:
15 January 2019 / article

The DDPA follows up on previously carried out checks regarding GDPR compliance

In November 2018, the Dutch Data Protection Authority (DDPA) randomly investigated whether banks and insurers complied with their obligation to appoint and register a data protection officer.

Belgian Fairness Tax partially violates EU law

(please see our previous blog on this topic of 22 November 2018).

The outcome of this investigation of 45 banks and 93 insurers was that 6 banks and 9 insurers had not yet registered their DPO with the DPPA and that 7 banks and 14 insurers did not comply with the requirement of making available the direct contact details of their DPO. Further hetero, the DDPA granted these companies an additional period to meet their obligations.

The DDPA has followed up on this and has verified whether these companies are compliant by now. On 14 January 2019, the DDPA published an update on its website stating that all checked insurers and banks had implemented the required changes and now do comply with the aforementioned obligations.

Since the GDPR entered into force on 25 May 2018, the DDPA has shown quite active in carrying out such (random) checks at various organizations in different sectors to monitor the level of compliance of different important requirements of GDPR.

Recent activities of the DDPA inter alia included investigations (on a random basis) on compliance with the obligation to maintain a register of record of data processing activities, the compliance level of privacy statements used by healthcare institutions and political parties and the (compulsory) appointment and registration of data protection officers by public organizations, hospitals and health care insurers.

We expect that the DDPA will in 2019 continue to carry out similar random checks to investigate the GDPR compliance level of organizations (in all types of industries and sectors) in the Netherlands. The DDPA has shown that non-compliance is not without any consequences and that it will follow up on identified issues.


For more information please contact Nina Orlić or Céline van Waesberge.

Class actions for breaches of the GDPR

Since the GDPR entered into force, there has been ample attention for regulatory enforcement and high fines. read more
Belgian Data Protection Authority scrutinised by Brussels Markets Court

Belgian Data Protection Authority scrutinised by Brussels Markets Court

In February 2020, the Markets Court (a division of Brussels’ Court of Appeal) annulled the decision by which the Belgian Data Protection Authority (BDPA) had... read more
Belgian DPA releases recipe for compliant cookies

Belgian Data Protection Authority releases recipe for compliant cookies

During these corona times, we have noticed a trend whereby many of us have started baking (cookies, cakes, and other delicious treats). It now appears that the... read more