The Netherlands' data protection authority, Autoriteit Persoonsgegevens, fined the Ministry of Foreign Affairs 565,000 euros for processing approximately 530,000 visa applications per year over the last three years without sufficient personal data protections, a violation of the EU General Data Protection Regulation. The DPA identified risks that unauthorized individuals could access and change files within the ministry’s National Visa Information System. It also determined the ministry did not adequately notify visa applicants about the sharing of their personal data with other parties.
Dutch DPA fines Ministry of Foreign Affairs 565K euros for GDPR violations
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
