The Netherlands
UWV (Dutch employee insurance service provider)
900,000 €
GDPR enforcement action by Dutch Supervisory Authority for Data Protection (AP) on 2019-10-31.
Rank · Sector
#31
of 322 in Finance, Insurance and Consulting
Rank · The Netherlands
#9
of 43
Rank · All fines
#180
of 3,050
Case details
- Authority
- Dutch Supervisory Authority for Data Protection (AP)
- Date
- 2019-10-31
- Controller / Processor
- UWV (Dutch employee insurance service provider)
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
As the UWV (the Dutch employee insurance service provider - "Uitvoeringsinstituut Werknemersverzekeringen") did not use multi-factor authentication when accessing the online employer portal, security was inadequate. Employers and health and safety services were able to collect and display health data from employees in an absence system.
Open original source
Links to the regulator's original publication or another source.
Related fines
The Netherlands
2024-07-22
290,000,000 €
ETid-2447
Uber Technologies Inc., Uber B.V.
Employment
The Netherlands
2026-04-01
100,000,000 €
ETid-3171
Ridetech International B.V.
Transportation and Energy
The Netherlands
2024-05-16
30,500,000 €
ETid-2448
Clearview AI Inc.
Industry and Commerce
The Netherlands
2023-12-11
10,000,000 €
ETid-2199
Uber Technologies Inc.
Uber B.V.
Employment
The Netherlands
2024-11-26
4,750,000 €
ETid-2507
Netflix International B.V.
Media, Telecoms and Broadcasting
The Netherlands
2022-04-07
3,700,000 €
ETid-1124
Dutch Tax and Customs Administration
Public Sector and Education