UWV (Dutch employee insurance service provider) – €900,000 Fine (Netherlands, 2019)

€900,000Autoriteit Persoonsgegevens31 October 2019Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Dutch employee insurance service provider, UWV, was fined for not using strong security measures on its employer portal. This lack of security put sensitive employee health data at risk. Companies must ensure their systems are secure to protect personal information.

What happened

UWV failed to implement multi-factor authentication on its online employer portal, leading to inadequate security.

Who was affected

Employees whose health data was accessed through the UWV's employer portal.

What the authority found

The Dutch data protection authority found that UWV violated GDPR by not securing its portal with adequate measures like multi-factor authentication.

Why this matters

This case underscores the necessity of strong security practices, such as multi-factor authentication, to protect sensitive data. It serves as a reminder for businesses to regularly update their security protocols to prevent unauthorized access.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
View original scraped data
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
date discrepancy
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll UWV (Dutch employee insurance service provider) actions
Full Legal Summary
Detailed

As the UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen') did not use multi-factor authentication when accessing the online employer portal, security was inadequate. Employers and health and safety services were able to collect and display health data from employees in an absence system.

Related Enforcement Actions (1)

Other enforcement actions involving UWV (Dutch employee insurance service provider) in NL

Current
Oct 2019

Fine

€900K

Fine
May 2021· Autoriteit Persoonsgegevens

The Dutch DPA (AP) has fined UWV (the Dutch employee insurance service provider - 'Uitvoeringsinstituut Werknemersverzekeringen) EUR 450,000. The UWV ...

€450K

Details

Fine Date

31 October 2019

Authority

Autoriteit Persoonsgegevens

Fine Amount

€900,000

Enforcement Tracker ID

ETid-107

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. UWV (Dutch employee insurance service provider) - Netherlands (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: