Following the General Data Protection Regulation (GDPR) entering into force the Dutch Data Protection Authority (DDPA) carries out random checks on organizations to assess their level of GDPR compliance. In that respect the DDPA performed checks on 91 hospitals and 33 health insurers to determine their level of compliance with the GDPR with regards to the appointment and registration of the (mandatory) data protection officer (DPO).

On 16 August 2018 two of these hospitals had not yet appointed a DPO. The DDPA granted these hospitals a four week period to comply with this requirement, subjecting them to a possible fine if failing to do so.