Dutch Social Insurance Institution (SVB) – €150,000 Fine (Netherlands, 2023)

€150,000Autoriteit Persoonsgegevens19 January 2023Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Dutch Social Insurance Institution (SVB) was fined €150,000 for failing to protect personal data adequately. A data breach occurred when unauthorized people accessed client information through the helpdesk. This case underscores the importance of having strong security measures to protect personal data.

What happened

SVB suffered a data breach where unauthorized people accessed client information through the telephone helpdesk.

Who was affected

Clients of the Dutch Social Insurance Institution whose data was accessed by unauthorized third parties.

What the authority found

The Dutch DPA found that SVB failed to implement sufficient security measures to protect personal data, violating GDPR requirements.

Why this matters

This fine highlights the critical need for organizations to implement robust security protocols, especially in customer service operations, to prevent unauthorized access to personal data.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
View original scraped data
Art. 32(1) GDPR
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
date discrepancy
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll Dutch Social Insurance Institution (SVB) actions
Full Legal Summary
Detailed

The Dutch DPA has imposed a fine of EUR 150,000 on the Dutch Social Insurance Institution (SVB). The controller had suffered a data breach in which a client's data had been leaked to unauthorized third parties. An unknown third party had succeeded in requesting benefit information via the controller's telephone helpdesk. In the course of its investigation, the DPA found that the controller had failed to implement sufficient technical and organizational measures to protect personal data. For example, the DPA found that the system for verifying the identity of callers was inadequate and verification questions were too simple.

Related Enforcement Actions (0)

No other enforcement actions found for Dutch Social Insurance Institution (SVB) in NL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

19 January 2023

Authority

Autoriteit Persoonsgegevens

Fine Amount

€150,000

Enforcement Tracker ID

ETid-1776

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Dutch Social Insurance Institution (SVB) - Netherlands (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: