Jan Dop

partner

Jan is a specialist in employment law and corporate law

jan.dop@russell.nl
+31 20 301 55 55

Reinier Russell

managing partner

Reinier advises national and international companies

reinier.russell@russell.nl
+31 20 301 55 55

Privacy: Data Leak Notification Requirement

Publication date 26 March 2015

With the upcoming European General Data Protection Regulation, a data leak notification requirement will be introduced. Not complying with this requirement will result in a severe fine. So when do you have to report a data leak and what does a notification involve?


With the upcoming European General Data Protection Regulation, a data leak notification requirement will be introduced for the processing of data. The notification requirement applies in the event of a breach of your organizational security measures for data. Examples are theft of passwords or client data, hacking, or loss of data, for instance if an employee has lost a USB device.

If your company has been affected by a data leak, you will have to report it within 24 hours to the relevant authority. The relevant authority in the Netherlands is the Dutch Data Protection Agency (College bescherming persoonsgegevens; CBP). The notification must include the nature of the leak, potential consequences and the measures taken. A data leak within your company must be reported by the person in charge of data processing in your company, for instance, the data protection officer. If a breach could lead to the risk of negative consequences for the protection of data, you have to notify not only the CBP but also all persons concerned.

If a breach of your data processing isn’t reported within 24 hours, reasons have to be given for the delay. An organization that doesn’t report a violation completely or in a timely manner risks incurring a severe fine. This fine can be of the highest category, which is up to EUR 1,000,000 or, for businesses, up to a maximum of 2% of the global annual turnover. The amount of the fine will be determined based on the facts, such as prior breaches, the scope of the breach, and whether it’s a question of intent or gross negligence.

Action

  • Prepare a handbook or action plan in good time, outlining the procedures to be followed in the event of a data leak. That way you don’t lose time when you have to submit a notification.
  • Let experts check whether your handbook or action plan complies with the (European) regulations.

More information

Russell Advocaten will inform you regularly on the latest developments regarding the uniform European Data Protection legislation and the consequences for your business. Would you like to know more about the application of the European General Data Protection Regulation or do you have any questions about how to organize your business with regard to the new European General Data Protection Regulation? Please contact:
