Keep criminals out with blacklists

Protect your company from theft, damages, or aggression: draw up a blacklist. Find out what a blacklist is, under what conditions you can use it, and which blacklists there already are in your sector. And what about privacy when you blacklist someone?

A blacklist allows you to warn staff or other companies about customers and ex-employees who, for example, have been caught stealing. Is a person on a blacklist? Then you can choose whether or not to allow that person into your shop.

You can draw up a blacklist together with other entrepreneurs. The Utrecht shopping mall Hoog Catharijne has such a collective blacklist (in Dutch). A blacklist often includes people who have been punished for shoplifting or for causing a major nuisance.  

You always take into account the privacy of the persons you put on a blacklist. This means you cannot put a sandwich board outside your shop with photos of shoplifters. And you are obliged to notify persons when you blacklist them. There are 3 types of blacklist you can use: internal, sectoral, and cross-sectoral. 

Internal blacklist 

You only use an internal blacklist inside your business or organisation. Do you want to blacklist customers you no longer want to do business with, or employees who have stolen from you? In that case, you must comply with the privacy rules in the General Data Protection Regulation (GDPR). This is a European privacy law that requires that companies and organisations process personal data with care.

Creating and using a blacklist is allowed if you meet 3 conditions: 

  1. You have a legitimate interest (in Dutch). That means you must have a good reason for drawing up a list of this kind. Think of countering fraud, theft, or scams. You cannot simply turn a customer away just because you find them annoying. 

  2. You are unable to achieve the goal, such as barring a customer, in any other way that affects a customer’s, or an employee’s, privacy less. For example, if you build into your online shop’s software the stipulation that the fraudulent customer can no longer create an account, you will have achieved your goal without using a blacklist. You do have to inform customers in advance in which situations you are allowed to bar them from creating an account. This prevents discrimination. You can point out these situations to customers in the ordering information or in the general terms and conditions. 

  3. You can show that your business interest is more important than the privacy interest. For example: by adding someone to the list, they can no longer steal from you. Or the environment for your staff, customers or guests is safer because that person can no longer enter your business.

Sectoral blacklist 

Businesses and organisations can also share blacklists with each other, for example within a certain sector. This is only allowed under certain conditions (in Dutch). A permit from the Dutch Data Protection Authority is required in order to create or share such a list. That is because the use of a shared blacklist affects the privacy of those whose names appear on it. Designating someone unfairly as a fraudster can have major consequences for them. They may have difficulty finding a job, taking out a mortgage, or renting a house. 

You can find a complete overview of sectoral blacklists on the website of the Dutch Data Protection Authority. For example, there are blacklists in the transport, health and welfare, and housing-rental sectors (in Dutch). You are only allowed to view the lists if you join a sectoral list (in Dutch).  With a sectoral blacklist, you can screen staff, or prevent shop theft, nuisance in your hospitality business, or financial fraud. 

Screen your shop staff 

The Alert Register (Waarschuwingsregister, in Dutch) lists shop employees who have been fired for committing internal fraud. One example is sweethearting: giving away products for free or selling them at big discounts to family and friends. Registration lasts a minimum of 1 and a maximum of 4 years, depending on the gravity of the offence. SME retailers can sign up for free (in Dutch).

Prevent shoplifting 

The collective shopping ban (in Dutch) is there as an option to keep shoplifters and troublemakers out of shopping areas. A collective shopping ban allows retailers to come together to ensure that unwanted customers no longer have access to any participating shops within the shopping area. At the moment, 35 shopping areas in the Netherlands have collective shopping bans in place.  

Would you also like to get started with a collective shopping ban in your shopping area? Get in touch with the CCV (in Dutch). They will help you start a collective shopping ban. That includes the use of a registration system, standard forms for announcing a shopping ban, and the application for a licence with the Dutch Data Protection Authority. 

Prevent nuisance in the hospitality industry

A collective hospitality sector denial of entry (collectieve horecaontzegging, CHO, in Dutch) is the blacklist in the hospitality sector. With a CHO, you can reduce crime and nuisance in nightlife. Guests who seriously misbehave are no longer welcome at various hospitality establishments. If they do get in anyway, the police will come and pick them up. Want to get started with a CHO along with other hospitality business owners? Please get in touch with the manager of the main Dutch hospitality sector organisation, Koninklijke Horeca Nederland (in Dutch), in your region. They will help you come up with a step-by-step plan and the permit application to the Data Protection Authority, and they will give you an Excel file for registering participating catering establishments. 

Prevent fraud in financial services 

Financial service providers such as banks, mortgage lenders, and insurers use an incident-alert system (in Dutch) to counter fraudulent customers and employees. Financial institutions affiliated with the incident-alert system have a list on which they record the details of fraudsters. Financial service providers consult this blacklist, for example, when they are dealing with applications from new customers.

Do you want more information about the incident-alert system? Then contact one of the sector organisations that have executed this idea together: the Dutch Banking Association (Nederlandse Vereniging van Banken), the Dutch Association of Insurers (Verbond van Verzekeraars), the foundation for combatting mortgage fraud (Stichting Fraudebestrijding Hypotheken), the association of finance companies (Vereniging van Financieringsondernemingen Nederland), and the national association of health insurers (Zorgverzekeraars Nederland) (all links in Dutch).

Cross-sectoral blacklists 

Criminals often operate in several sectors. Sharing potential offenders’ details can be useful for entrepreneurs. For this purpose, there are cross-sectoral blacklists. The rules for exchanging details outside your sector are strict. The Dutch Data Protection Authority (DPA) explains (PDF, in Dutch) what you are allowed to do and how you use a cross-sectoral list.