Netherlands GDPR Complaints Surge in 2025: What It Means

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) reportedly received more than 13,000 privacy complaints and signals in 2025, up from 7,100 the year before. According to Security.NL, which reported on the AP's 2025 annual report, this sharp rise shows that more people in the Netherlands are aware of their rights under the GDPR (AVG) and know how to report concerns.

A Major Data Breach Drove Many Complaints

According to Security.NL, a significant share of the complaints related to a data breach at Clinical Diagnostics, in which sensitive data belonging to more than 900,000 people was stolen. People who filed complaints reportedly said they received little information about what had happened and felt their concerns were not taken seriously. Some women reported feeling unsafe because their home addresses had been leaked.

Following the breach, the AP reportedly started a supervisory process involving Clinical Diagnostics and Bevolkingsonderzoek Nederland, focused on ensuring that victims were properly informed. The fact sheet notes that the outcome of this process has not been stated.

Thousands of Complaints Still Waiting

According to Security.NL, of the more than 13,000 complaints and signals received in 2025, more than 11,000 were handled. Around two thousand complaints are still waiting to be processed. The AP has reportedly acknowledged that waiting times are increasing, which it describes as an important concern.

To handle complaints more efficiently, the AP reportedly began making faster telephone contact with people and organisations to resolve issues directly. The authority also says it is increasingly using on-site supervisory visits to address situations affecting large numbers of people in one go.

What does this mean for your website?

If your business collects personal data, such as customer names, email addresses or health information, you are required under the GDPR (AVG) to handle that data responsibly and to inform people clearly if something goes wrong. The growing number of complaints shows that people are increasingly willing to report concerns to the AP, so it is worth checking that your privacy practices are in order. You can use our GDPR compliance checklist and privacy policy guide as a starting point.