In 2016, the Dutch Personal Data Protection Act was expanded with the obligation to report data breaches. Organisations with a serious data breach must report this to the Dutch Data Protection Authority, and sometimes also to the people whose data were leaked. The fines for not reporting are very high.
What is a data breach?
A data breach always involves personal data that may have ended up in the hands of the wrong people. This ranges from a lost USB drive or laptop, to an email with sensitive data that was mistakenly sent to the wrong address. Another example is a hack in the student information system, or data obtained with a phishing mail or with ransomware.
Report to the Hotline for Data Breaches
NHL Stenden has a Hotline for Data Breaches to report security incidents. You may not be sure whether it constitutes a data breach. That is why a team of specialists examines every report. They determine whether it is an actual data breach, and if it should be reported to the Dutch Data Protection Authority and to the people whose data were leaked When in doubt, contact the Data Protection Counselor.