Privacy Engine
The PrivacyEngine Team
On January 1st 2016, the Dutch brought into effect a new law which makes it compulsory for Data Controllers to report a data breach to the Dutch Protection Authority. In addition, the DPA may also issue direct fines for violations of the Data Protection Act, up to €820,000.
Data Breach Notification will be mandatory where the loss of data could have adverse consequences on data subjects. An exception to this will be circumstances where the data is encrypted or otherwise unintelligible to third parties.
On the 9th December, 2015, the DPA published practical guidance, courtesy of Hunton Privacy Blog, on when a Data Breach Notification should occur.
Interestingly, the new fines may be triggered when there has been a failure to report a data breach to the DPA.
The Dutch DPA's press release may be read here.
We’ve got more coming…
Want to hear from us when we add new articles? Sign up for our newsletter and we'll email you every time we release a new article, as well as other resources.
