A newly passed bill in the Netherlands has increased the fining power of the Dutch Data Protection Authority (DPA) to up to EUR 810,000 or 10 percent of an organization’s annual worldwide turnover.

On May 27, 2015, the Dutch legislature passed the bill amending the Dutch Data Protection Act (Wet bescherming persoonsgegevens; (WBP)). New fines may be imposed for non-compliance with various obligations of the WBP (as further discussed below). The DPA will have the discretion to decide whether a situation justifies either a fixed fine or a fine relative to a company’s revenue. According to the explanatory memorandum to the bill, the possibility of issuing a fine relative to a company’s turnover is necessary for the DPA to have an effective enforcement tool in place when dealing with (very) large international organizations, for which the threat of a EUR 810,000 fine would not be sufficiently dissuasive.