If you encounter a data breach, your organisation is obliged to notify the Dutch Data Protection Authority (AP) of this immediately. In some cases, they must also notify the data subjects (the people whose data has been subject to a breach).

What is a data breach?

A data breach concerns unintended access to, destruction of, amendment of, or leaking of personal data by your organisation.
(source: AP)

What should you do?

If you have identified a data breach, it must be reported to the AP by means of the data breach form as soon as possible. It is advisable to be familiar with the form so that all the necessary information can be gathered in advance. This helps report data breaches in a timely fashion. Once completed, you email the form to info@cddn.nl.

Other actions

In the event of a data breach, it is important to check whether you are obliged to report it. But that is not all. To find out what you should do in the event of a data breach, refer to the ‘Taking action in the event of a data breach’, action plan in the ‘Actions required for data breaches’ file and/or the frequently asked questions about data breaches on the AP’s website.