Notification Registry of Dutch Data Protection Authority as open data

From today the Dutch Data Protection Authority started to publish its Notification Registry as open data. On June 9, Open State Foundation did a request for re-use based on the re-use of public sector information law to retrieve the available public information in its Notification Registry in an open machine-readable format.

This involves information by notification, the notification number, name processing, name Responsible (s), business address controller (s), mailing address controller (s), target (s) of processing per individual (s) definition, collect target and sensitive data, per recipient (s) definition, target and collect sensitive personal data, transfer outside the EU and transfer appropriate.

The Notification Registry contains 53,423 notifications from 32,632 responsible organizations, businesses, government agencies or persons. The data is not structured in governmental responsibilities. Sometimes a government agency makes the notification on its own behalf, sometimes the responsible government department does the notification. Most notifications from government departments come from the Ministry of Economic Affairs (21), Interior (16), Defence (13) and Security & Justice (13). For organisations and companies there has been no use of unique identifiers, such as the registration number in the company register.

The dataset that the Dutch Data Protection Authority makes available includes notifications made to the DPA as described in article 28 of the Data Protection Act. The file ‘data.json’ contains a list of managers and per manager a list of notifications that are available in the Notification Registry. The latest version of the Notification Registry can be found on the website database. The json file will be monthly updated on their website.

More than half of the notifications do not contain special privacy information. A third contained information on health.