Jacqueline van Essen wrote a brief article for Mr., a magazine for Dutch attorneys, noting that if a current legislative proposal is adopted as expected (in 2015), the Dutch Data Protection Authority (CBP) will be empowered to impose fines of up to EUR 810,000 for violations of virtually any of the obligations laid down in the Dutch Personal Data Protection Act (DPA) (Wbp). However, the CBP will first have to issue binding instructions and can set a term within which the instructions must be followed. In other words, penalties cannot be imposed immediately.
In addition to the increased threat of a fine, the world is holding its breath in anticipation of the European General Data Protection Regulation that will supersede the DPA. If this Regulation is enacted, authorities will be empowered to impose penalties of up to 5% of annual worldwide turnover for violating data protection rules. Some of these data protection rules are new, but some have already been included in the DPA. ‘Any way you look at it,’ Jacqueline concludes her article, ‘there are no escape routes anymore in a world in which privacy is not legally protected.’
The article is published on Mr. online.