Fine of €475,000 for Booking.com reporting data breach 22 days to late. According to a press release of April 6 the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) imposed a €475,000 fine on Booking.com because the company took too long to report a data breach to the DPA into compliance with Article 33 GDPR.