Are you compliant with the new Dutch Law on Data Breach Notifications?

On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.

A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only the release (e.g. leaking) of personal data, but also the illegal processing of data, counts as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone, or malicious access to a database by a hacker.

Six tips to minimize risk
This new law was extensively discussed with a group of LeaseWeb customers during a recent round table about security. “In 2016, having a good security policy is no longer a matter of debate. You simply need to have it,” said one of the participants during the event. “If you don’t have a good security policy in place, you will risk a fine up to €820,000 if you lose a customer’s personal data. In some cases, the fine can be even higher.”

The round table discussion confirmed what the media have written before: most organizations don’t have their act together when it comes to security. So the question is: are you compliant with the new law? If you aren’t (yet), use the following six tips to minimize risks:

  1. First, study the documentation provided by the government. Make sure that you understand the terms used (the definition of personal data, for example).
  2. Next, make an inventory of where personal data is being processed in your organization.
  3. The third step is to develop special procedures on how to deal with personal data. Think about who needs to access this data, who needs to process it and which actions are allowed when processing data. And make sure security measures are implemented during these procedures.
  4. Make agreements with third-party organizations that process your customers’ personal data.
  5. Appoint someone who is explicitly responsible for data management. This person is the main point of contact for the data protection authorities.
  6. And last but not least: put everything on paper in a checklist (and make sure you test this checklist in practice). If an incident occurs, you will know exactly what to do.
