IT supplier/Dutch Data Protection Authority (DPA)
A sales associate accidentally put a hard drive back in a warehouse after using the hard drive to transfer data from one computer to another. This data concerned personal data. This data breach was reported too late. The Dutch DPA intended to make a fine decision.
Lawyers:
dr. A.W. Duthler LL.M and R. Grevenstette LL.M
Category:
Data protection law and data breaches
Time:
From intending to impose a fine to averting it: 6 months
Result:
A reprimand instead of a fine of €840,000
Challenge
A sales associate accidentally returned a hard drive to a warehouse after using the hard drive to transfer data from one computer to another. This data concerned personal data. The hard drive was then accidentally sold to a customer, who became aware of financial data such as social security number, income tax returns and benefits information of other persons. The customer immediately informed the store employee about this and filed a complaint with the Dutch Data Protection Authority (DPA). The DPA investigated and found that the company had not reported this data breach within 72 hours. She announced her intention to impose a fine of the highest category.
Strategy
The continuity of the company would be jeopardized if the fine were indeed imposed. The company was given the opportunity to defend itself. The fine was nevertheless imposed, after which First Lawyers appealed for the company. Emphasis was placed on evidence of measures the company had taken to prevent such data breaches. This includes actions to raise awareness among employees, the appointment of a Data Protection Officer and conducting quarterly audits to review and discuss compliance with the GDPR at each branch.
Result
The objection was upheld, in the sense that the DPA decided to leave it at a reprimand. First Lawyers subsequently objected to the company’s disclosure of the reprimand, because disclosure would still mean a severe sanction for it. The reprimand was eventually made anonymously known.
Cases
Submit your case
Please feel free to contact one of our lawyersor call +31 (0) 70 306 00 33 or info@firstlawyers.nl.