Are you compliant with the new Dutch Law on Data Breach Notifications?

On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.

A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.

Six tips to minimize risk
This new law was extensively discussed with a group of LeaseWeb customers during a recent round table about security. “In 2016, having a good security policy is no longer a matter of debate. You simply need to have it,” said one of the participants during the event. “If you don’t have a good security policy in place, you will risk a fine up to €820,000 if you lose a customer’s personal data. In some cases, the fine can be even higher.”

The round table discussion confirmed what the media have written before: most organizations don’t have their act together when it comes to security. So the question is: are you compliant with the new law? If you aren’t (yet), use the following six tips to minimize risks:

  1. First, study the documentation provided by the government. Make sure that you understand the terms used (the definition of personal data, for example).
  2. Next, make an inventory of where personal data is being processed in your organization.
  3. The third step is to develop special procedures on how to deal with personal data. Think about who needs to access this data, who needs to process it and which actions are allowed when processing data. And make sure security measures are implemented during these procedures.
  4. Make agreements with third-party organizations that process your customers’ personal data.
  5. Appoint someone who is explicitly responsible for data management. This person is the main point of contact for the data protection authorities.
  6. And last but not least: put everything on paper in a checklist (and make sure you test this checklist in practice). If an incident occurs, you will know exactly what to do.
