UWV - Insurance provider

€900K($972K USD)final

Date Issued

2019-10-31

Regulation

GDPR

Authority

Dutch Supervisory Authority for Data Protection (AP)

Country

Netherlands

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

The Dutch employee insurance service provider – “Uitvoeringsinstituut Werknemersverzekeringen – UWV did not use multi-factor authentication for accessing the employer web portal. Health and safety services, as well as employers, were able to view and collect data from employees, data to which normally they should not have had access to.

Articles Violated

Art. 32 GDPR

View Source Document →

Other Fines for UWV - Insurance provider

Date	Regulation	Amount (USD)	Type
2019-10-31	GDPR	$972,000	Failure to implement sufficient measures to ensure information security