Download free GDPR compliance checklist!

Dutch DPA fines company for not using 2FA

The Dutch Data Protection Authority imposed an order for incremental penalty payments of 150,000 euros per month with a maximum of 900,000 euros because the security level of the employer portal is not adequate.

A portal operated by UWV contains employee health data. DPA decided that because the UWV does not apply multi-factor authentication when granting access to the online employer portal, security is insufficient.

Source: AP forces UWV to better protect data with sanctions | Dutch Data Protection Authority