The data breach notification obligation for healthcare companies: an article by Bart Schermer and Chris van Balen
3 November, 2014
Recently, the Dutch parliament presented a legislative proposal containing a data breach notification obligation. If the proposal is accepted, starting January 1st 2015, enterprises will be obligated to report data breaches that involve personal data under certain circumstances. If an enterprise fails to report such a data breach, the Dutch Data Protection Authority is allowed to impose sanctions. If the proposal is accepted, the authority of the Dutch DPA to impose fines will also be expanded, which could result in high fines.
Enterprises should handle data with care. The Dutch Data Protection Act prescribes that enterprises should take ‘appropriate technical and organisational measures’ to prevent data breaches. What is ‘appropriate’ in this context depends on the nature of the data.
An article written by Bart Schermer (partner at Considerati) and Chris van Balen (LEXSIGMA) has been published in the October issue of BoardRoom Zorg. The article, titled “Nieuwe meldplicht voor datalekken”, focuses on the impact of the legislative proposal on healthcare companies. Healthcare companies often process medical data. This data can be considered very sensitive, and therefore more data security is needed. The article gives suggestions for preventing a data breach and supplies a roadmap that can be followed if a data breach involving personal data occurs.
The article can be read here (in Dutch).