UWV (Dutch employee insurance service provider)

€450,000

Insufficient technical and organisational measures to ensure information security

Decision Date

May 31, 2021

Authority

Dutch Supervisory Authority for Data Protection (AP)

NL

Sector

Finance, Insurance and Consulting

Country

NL

Law

GDPR

Status

FINAL

Description

The Dutch DPA (AP) has fined UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen) EUR 450,000. The UWV had not properly secured the sending of group messages via the 'My Workbook' environment. This is a personal environment on the UWV website where job seekers have contact with the UWV. As a result, there were multiple data leaks of personal information, including health information, from a total of more than 15,000 individuals.

Legal Citations

Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
National Commission for Data Protection (CNPD) - U...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.