Court case AWB - 19 _ 1687 – Court Ruling (Netherlands, 2020)

The plaintiff complained about factual inaccuracies in reports on his medical situation and possibilities for performing work in the context of granting a work benefit. He requested rectification of data in these reports. The defendant claimed it corrected the inaccuracies by issuing a new report but the plaintiff found this not sufficient since the inaccuracies remain in the initial reports and alleged violation of his right to rectification. The Court had to assess the way in which the rectification should be carried out by the defendant considering also its technical capacity. The District Court invoked Article 24 and Recital 78 GDPR and concluded that data controllers must take appropriate technical and organisational measures that are necessary to ensure that the requirements of GDPR are met. It found that an additional report cannot be considered sufficient to fulfill the right to rectification. The controller must use its best efforts to ensure that policies and systems are in line with the GDPR including transparent and clearly recognisable rectification of inaccuracies other than merely adding a document in a medical file. The Court ordered the controller to investigate the possibilities of complying with the right to rectification within six weeks and notify the Court if it will make use of this opportunity within two weeks.