Court case 200.286.170/01 NOT – Court Ruling (Netherlands, 2021)

The plaintiff issued a complaint against a civil law candidate notary (the defendant) because her home address was stated in the draft of two notarial deeds. The complaint consisted of four parts: # The personal data became public for third parties because the personal data was included in the notary deeds; # the candidate notary checked the information in the Personal Records Database (Basisregistratie Personen) even though he was not authorized to do so; # the candidate notary did not dedicate enough care to correct this and limit the damage; # the candidate notary breached the GDPR. Did the candidate notary breach any laws or regulations by including a personal address in the notary deeds? The chamber held that: # the candidate notary was authorized to include the personal data in the deeds, based on Article 40(2)(c) of the Dutch Civil-law notaries act (Wet op het notarisambt) and Article 18(1)(3) of the Land registry act (Kadasterwet); # the candidate notary was obligated by law to check the identity of the parties and was allowed to use the Personal Record Database (Basisregistratie Personen) to do so; # the candidate notary took multiple actions to (duly) change the address data and limit any further damage; # the candidate notary processed the data based on a legal obligation, which is allowed by the GDPR "in many cases", and thus there was no violation. Further, the plaintiff did not provide any concrete arguments regarding which article of the GDPR was allegedly breached.