Reinier advises national and international companies
reinier.russell@russell.nl +31 20 301 55 55With the upcoming European General Data Protection Regulation a data leak notification requirement will be introduced. Not complying with this requirement will result in a severe fine. So when do you have to report a data leak and what does a notification involve?
With the upcoming European General Data Protection, a data leak notification requirement will be introduced for the processing of data in case of a data leak. There is a notification requirement in the event of a breach of your organizational security measures for data. Examples are: theft of password or client data, hacking, or loss of data, for instance, if an employee has lost a USB device.
If your company has been affected by a data leak, you will have to report it within 24 hours to the relevant authority. The relevant authority in the Netherlands is the Dutch Data Protection Agency (College bescherming persoonsgegevens; CBP). The notification must include the nature of the leak, potential consequences and the measures taken. A data leak within your company must be reported by the person in charge of data processing in your company, for instance, the data protection officer. If a breach could lead to the risk of negative consequences for the protection of data, you don’t only have to notify the CBP but also all persons concerned.
If a breach of your data processing isn’t reported within 24 hours, this has to be motivated. An organization that doesn’t report a violation completely or in a timely manner will risk incurring a severe fine. This fine can be of the highest category, which is up to EUR 1,000,000 or, for businesses, up to a maximum of 2% of the global annual turnover). The amount of the fine will be determined based on the facts, as, for instance, prior breaches, the scope the breach, and whether it’s a question of intent of gross negligence.
Russell Advocaten will inform you regularly on the latest developments regarding the uniform European Data Protection legislation and the consequences for your business. Would you like to know more about the application of the European General Data Protection Regulation or do you have any questions about how to organize your business with regard to the new European General Data Protection Regulation? Please contact:
With the Dutch Tax and Customs Administration again enforcing the Deregulation of Assessment of Employment Relationships Act (DBA Act), these questions have become even more important. In a recent ruling on Uber drivers, the Supreme Court provided additional guidance on how to determine whether someone is a self-employed person.
The works council has an important task when it comes to working conditions in the company, including social safety. What tools can the works council use to ensure a safe corporate culture?
Losing your job due to redundancy is a bitter experience, especially when you are an expat and may also lose your work permit or residency rights. Which points should you take into account when facing redundancy?
The use of general terms and conditions is something companies can no longer do without. Contracting parties refer to their own general terms and conditions in small print, often containing favorable clauses for their own benefit. But what is the power of general terms and conditions? And what should be considered when using them?
The start of a new year brings not only new resolutions and crowded gyms but also important changes in laws and regulations. This year is no exception, with several significant amendments to employment law that took effect on 1 January 2025. Here, we outline the key points to watch out for as an employer or employee.
The holiday season is approaching, a time of joy and days off for many. However, not everyone finds these holidays equally meaningful.
