Do you want to know about some of the biggest fines given in the Netherlands in GDPR history?
Learn about the no-gos in GDPR from this case involving the Dutch Tax Administration when we take you through:
The Dutch Tax Administration had a fraud identification facility (FSV) that contained a blacklist of data subjects for whom indications of fraud had been registered.
The FSV staff were instructed to use characteristics about individuals, such as their ethnic heritage (i.e., Turkish, Moroccan, and Eastern European) as a selection criterion for further tax investigations.
The above breaches of the GDPR led to these penalties:
The Dutch DPA imposed a combined fine of 3,700,000 EUR on the Dutch Minister of Finance for the following violations (broken down into the corresponding fines):
In some cases, a data subject was labelled a 'fraudster' without an adequate investigation having been carried out. Even when an investigation was carried out and found no indicators of fraud, this conclusion was often not recorded. As a result, the suspicion of fraud remained.
Furthermore, risk analyses were based on incorrect data in some cases.
Inclusion on this blacklist meant that the data subject suffered economic consequences, such as having their application for care allowance rejected or being made ineligible for debt rescheduling.
The processing took place from 2013 to 2020, and 270,000 people ended up on this list.
Information about these people was shared with other authorities and private entities.
Furthermore, unauthorized employees of the Tax and Customs Administration were able to view personal data in FSV due to the inadequate security of FSV.
This case about the Dutch Tax Administration is a reminder of why your organization needs to ensure it has a legal basis for processing sensitive data and to conduct a risk assessment of its processing activities.
But it’s just as important that you can show and document your GDPR compliance.