Dutch DPA fines Booking.com for GDPR violations

According to DataGuidance, the Dutch data protection authority (DPA) has decided to fine Booking.com €475,000 for violations of the General Data Protection Regulation (GDPR). In particular, the DPA noted that Booking.com was notified of a data breach on January 2019, but did not report it to the authority 22 days after being made aware of the breach. Also, the personal data of more than 4,000 customers was breached, as well as the credit card details of nearly 300 Booking.com customers.