Accommodation booking website has been fined €475,000 by the Dutch Authority for Personal Data (Autoriteit Persoonsgegevens) for reporting a data breach too late.

In December 2018, criminals stole the personal data of more than 4,000 customers including the credit card details of 300 customers through a data breach at

The criminals captured their login details from employees of 40 hotels in the United Arab Emirates. They used these credentials to steal names, addresses and telephone details of 4,109 customers who had booked a hotel room in the United Arab Emirates via the booking site. was notified of the data breach on 13 January 2019, but did not report it to the Personal Data Authority until 22 days later. A data breach must be reported to the Personal Data Authority within 72 hours. 


End of Service

Thank you for your interest in this GDPR tool.

We've decided to quit with this service at end of September 2023.
Former customers can download their PDFs until the end of September 2023.