Following an international investigation in cooperation with other European privacy regulators, on 31 March 2021 the Dutch data protection authority (“Autoriteit Persoonsgegevens – AP”) released its decision (available here in Dutch) to impose a fine of €475,000 on Booking.com (incorporated in Amsterdam) arising from their delays in reporting a data breach incident (the “Breach“).