Data breach notification bill and the expansion of the powers of the Dutch DPA passed the Dutch SenateBack to articles
26 May, 2015
Today, the Dutch Senate passed the Data breach notification bill and the expansion of the powers of the Dutch DPA. The bill will amend the Dutch Data Protection Act (in Dutch: Wet bescherming persoonsgegevens) on several points, which will be discussed below.
Data breach notification obligation
Firstly, organizations must inform the Dutch DPA if they suffer from a security breach that has, or could have an impact on the protection of personal data, this is called the ‘data breach notification obligation’. Sometimes, informing the Dutch DPA is not enough. If the breach will probably have a negative impact on the privacy of customers, these customers must also be informed about the breach.
Expansion of the power to impose fines by the Dutch DPA
The second element of the amended law is the expansion of the power to impose fines by the Dutch DPA. Currently, the DPA is allowed to impose fines with a maximum of €4500,-. Under the amended law the DPA can impose fines up to €810.000,-. Before the DPA imposes a fine, a ‘binding indication’ is given. This ‘binding indication’ allows organizations to manage their business in such a way that they become compliant with the relevant legislation. If businesses do not sufficiently change their behavior, the Dutch DPA is allowed to impose a fine.
Change of name
At the moment the Dutch DPA is called ‘College Bescherming Persoonsgegevens’. This will be changed into ‘Autoriteit Persoonsgegevens’ (Personal Data Authority) in order to be more in line with the upcoming Data Protection Regulation and to tie with the names of the other Dutch regulators, such as the Authority on Consumers and Markets.
Our expectation is that the change of law will enter into force on January 1st 2016.
Do you want to know more about the impact of this law on your organization? Do not hesitate to contact the privacy experts of Considerati.
Last Tuesday Novemer 4th, Bart Schermer (partner at Considerati) was a guest speaker at TekTok late...
The ‘Ethics in Networked Systems Research’ project at the Oxford Internet Institute launched a...