Data leak

Oh no, a data breach! Now what?

20 juli 2018

These days, you need to report any breach of data immediately. You probably noticed that the GDPR, or General Data Protection Regulation, went into effect on May 25th. (This regulation is known in The Netherlands as the AVG or Algemene Verordening Gegevensbescherming.)

These days, you need to report any breach of data immediately. You probably noticed that the GDPR, or General Data Protection Regulation, went into effect on May 25th. (This regulation is known in The Netherlands as the AVG or Algemene Verordening Gegevensbescherming.)

The GDPR is a set of rules regarding data protection and privacy rights that is more strict than we’ve been used to. Since it’s a European law, the great benefit is that these regulations are identical for all European countries. In The Netherlands, this new law replaces the WBP, or Wet Bescherming Persoonsgegevens, which now no longer applies. From now on, data breaches fall under the umbrella of the GDPR.

You can find a brief introduction to the GDPR (or AVG in Dutch) on the website of the Dutch Data Protection Authority, the organisation tasked with implementing and enforcing the GDPR in The Netherlands.

What is a data leak?

Every company believes their information is secure. Even so, in 2017 over 10,000 data breaches were reported to the Dutch DPA. That was already an increase of 70 percent compared to the previous year. The new GDPA is more strict and makes it mandatory for companies to report every single leak.

The GDPA describes a data leak of personal information as a violation of the security of that information. When that breach leads to destruction, loss, unauthorized access, or other misuses of personal data, that’s considered a data leak. It is your obligation to report any such data breaches to the Dutch Data Protection Authority (DPA) and anyone affected by the leak.

When not to report a data leak

There are certain circumstances in which you do not need to report a data breach directly to those affected. When notifying would cause a disproportionate level of effort, for example. In that case, you can simply put out a public announcement. Did you take the appropriate technical and organisational protection measures or did you take action after the breach that eliminated the identified risks for those involved? Under those circumstances, you also don’t need to notify anyone directly.

Eliminate data breaches with DataChecker verification

If you ever process personal information, for example for your human resources administration, you’ll encounter the GDPA. It is strict. Very strict. In choosing to verify your employees’ identity cards with DataChecker, that information will be stored in DataChecker’s secure databases. You can request access to the information at any time. DataChecker simply takes over the care of storing data in a secure way and preventing any data leaks. That way you’ll always be in compliance with the GDPA.

 

Want to learn more about this service? Get in touch with one of DataChecker’s advisors. They look forward to helping you out.