You are here:
17 July 2019 / news

First GDPR fine in the Netherlands is a reality

Hospital HagaZiekenhuis in The Hague is fined EUR 460.000 for failure to implement adequate technical and organisational measures to secure patient files.

tablet

Investigation by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) was launched earlier in 2018 following claims that over 80 hospital staff were unlawfully snooping into the reality star ‘Barbie’s’ confidential patient files. The AP found that the hospital should regularly check who accesses which files in order to flag unauthorized access in a timely manner. Such unauthorised access should immediately be addressed with appropriate measures. The AP also found that an adequate security system requires authentication involving at least two factors (access to a patient file should for instance require a code in combination with an employee pass).

In addition to the fine, the AP has imposed an order subject to a penalty on the hospital to force the hospital to adequately bring their security measures up to standard. In case of non-compliance by 2 October 2019, the hospital will have to pay EUR 100,000 every two weeks (with a maximum of EUR 300,000).

The AP emphasised that patient confidentiality is of utmost importance and that failure to meet this obligation warrants a hefty fine.

Full article available here (in Dutch). Get in touch with us in case of any questions!



(Supervisory) directors’ liability: our 2019 update

The liability of directors of major organisations receives wide coverage in the press. Examples (in the Netherlands) are Imtech, HDI, FC Twente, Vestia, and... read more
Overview

District court grants EUR 250 for immaterial damages

District court grants EUR 250 for immaterial damages suffered due to breach with GDPR read more
Tax dispute and litigation review

A Guide to: Netherlands Data Protection 2018

The ICLG provides a clear overview of various important topics with regard to data protection and privacy. read more