The Dutch Data Breach Notification requirement came into effect on 1 January 2016. Pursuant to this act, which is part of the Personal Data Protection Act, companies and government agencies are legally required to report data leaks to the Dutch Data Protection Authority. In certain cases the persons whose details were compromised must be notified as well.

If you are in the business of processing people’s personal details/If your business involves the processing of people’s personal information, you have a duty to protect these personal details to the best of your ability. Security breaches can occur, but as stated above, they must be reported in certain cases. It is for you to decide whether or not to report such breaches. If you misjudge a situation and choose not to report a major breach, your organisation will be at risk of high fines, loss of reputation and reduced competitiveness. Similarly, filing a late report may also result in a significant fine.

By implementing proper policies and procedures, you will be better able to make a quick decision as to whether or not to report a data security breach.

Data breaches: reduce risks in advance and act quickly afterwards

Proper preparation can help you drastically reduce the risk of data breaches. Since you are also legally required to report data leaks caused by data processors, we can help you enter into the right agreements with the people or organisations who process your data on your behalf/for you. In addition, we can help you make your procedures more efficient. We will, for instance, create well-organised data maps which will help you determine quickly whether any personal details have been compromised when a certain system is breached, and if so, identify the compromised data.

In addition, it is easier to prevent data breach if personal details are subject to sound security requirements. Considerati will advise you on the organisational aspects of information security. When it comes to technical information security, detection and forensic analysis of data leaks, Considerati collaborates with several specially selected high-quality cybersecurity partners.

Repression, recovery and communication

If a data brach has occurred, it is vital that you act quickly, as to minimise potential negative consequences. Considerati can help you make the preparations required to successfully manage data leaks. Among other things, Considerati will advise you how to implement the most efficient incident response plan.

If a data breach occurs in your organisation, your organisation’s reputation will be affected by the way in which your organisation communicates with the general public and with the persons whose data have been compromised. A strong message may go a long way towards minimising the damage such an incident may do to your organisation’s reputation. By implementing the right processes and procedures, and by seriously considering beforehand how to respond in the event of a data breach, you will ensure that you are properly prepared to deal with any data breach which may occur:

  • Considerati will carry out a crisis preparedness assessment to determine your baseline and, as a result of this assessment, we will make recommendations which will help you optimise your processes at a time of crisis;
  • Considerati will help you develop scenarios and will identify all the stakeholders, so that you will know at once whom to contact or whose interests to protect in the event of a data leak;
  • Considerati will draw up a crisis communication plan for your organisation, so that you will always be fully prepared when talking to your stakeholders.

2018 will see the introduction of the General Data Protection Regulation, which will involve an EU-wide duty to report data leaks. If your organisation is active in more than one EU member state, you will have to be aware where to report data leaks. We would be very happy to help you determine this.

Want to know more?

Dominique Hagenauw

Principal Legal Consultant