An analysis of Dutch case law: what factors play a role in awarding (or not) and determining the extent of damages under the GDPR?
Since May 2018, the GDPR has been directly applicable in the European Economic Area, including the member states of the European Union, Liechtenstein, Norway, and Iceland. Four years later, awarding damages for GDPR violations is still not a common practice in the Netherlands, despite the fact that news reports regularly mention data breaches and other GDPR violations. This article analyzes Dutch case law over the past four years to see what factors may influence the awarding of damages under the GDPR. The first part describes the legal framework for filing a damages claim under the GDPR, while the second part deals with court decisions in which damages have been awarded under the GDPR.