📅 Period: 2018 - 2024
📍 Source: Recht.nl & Dutch DPA decisions

Since the General Data Protection Regulation (GDPR) took effect in May 2018, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has issued dozens of fines. This overview highlights the most common violations — and the key players involved.

The Heaviest GDPR Fines So Far

The data shows that international tech companies are under the most scrutiny, with Uber and Clearview topping the list. Dutch institutions such as the

Tax Authority and BKR have also faced multi-million euro penalties from the Dutch DPA.

🔍 Some standout fines:

• Uber (US): €290 million for unauthorized data transfers to the US (2024)

• Clearview AI: €30.5 million for unlawful processing of biometric data (2024)

• Netflix: €4.75 million for lack of transparency about personal data processing (2024)

• Dutch Tax Authority: two fines of €3.7 million and €2.75 million related to the FSV blacklist and child benefits discrimination scandal