Request A Demo Login Now Sign up to DataGuidance Alerts DataGuidance DataPrivacy Index Cookie Consent Guide Data Protection Law & Policy Download a DataGuidance Brochure DataGuidance Videos


The transverse study performed by DataGuidance is particularly interesting and innovative as it enables one, at a glance, to obtain information on the obligations that lie with companies in terms of data breach in a large number of countries. Yet, very often, companies which are victims of a data breach are not subject to the breach in only one of the countries where they are set up, but in several countries. In such case, they must react extremely quickly notably in terms of informing control authorities if applicable. Having this transverse study, they will necessarily save precious time.
Florence Chafiol-Chaumont, Partner at August & Debouzy
RSS feed of this page Updated: 04/07/2013 
Sharing disabled by cookie consent preference.
Privacy This Week powered by DataGuidance

back to Privacy This Week

Netherlands: Mandatory breach notification bill may introduce fines up to €450,000

The Dutch State Secretary for Security and Justice, Fred Teeven, introduced - on 21 June 2013 - a bill proposing mandatory data breach notification (the Bill) to the House of Representatives. The Bill proposes mandatory data breach notification for all public and private organisations processing personal data, and a maximum fine of €450,000 for failing to comply with the requirement.

The Bill follows the Dutch Government's consultation on an earlier draft Bill amending the Dutch Data Protection Act in February 2012, as DataGuidance previously reported.

"Currently, we do not have a general breach notification duty", Berend van der Eijk, Lawyer at Bird & Bird, told DataGuidance. "It is very likely that this proposal will be passed. The earliest date of [the Bill] entering into force would likely be 1 July 2014, or more realistically, 1 January 2015. Businesses should start to create awareness of the upcoming legislation, and subsequently have policies in place to capture and process all internal incidents properly and swiftly. This can take some time and effort, but is well worth investing in".

The earliest date of [the Bill] entering into force would likely be 1 July 2014, or more realistically, 1 January 2015.

All organisations processing personal data will be obliged to notify the Dutch Data Protection Authority (CBP) and the data subject of any data breach resulting in theft, loss or misuse, including electronic communications service providers who are obliged to report data breaches to the Dutch Telecommunications Regulator (OPTA) under the Telecommunications Act.

Van der Eijk said: "The hardest thing is to create awareness in the organisation. We usually advise [clients] to notify 'pro forma' and fill in the details later but as soon as possible. In practice, I hope CBP can cope with all the expected notifications, especially since there is a big impulse to just notify any data breach. It must further be emphasised that the fine is only for not notifying properly, and not for non-compliance with the general data protection obligations".

DataGuidance has developed the Data Breach Notification At-a-glance Advisory; a powerful tool consisting of an easy to read comparative table which details the requirements for data breach notifications in jurisdictions around the globe.

To sign up for a free trial of the Advisory and the rest of DataGuidance, click here.

© 2014 Cecile Park Publishing Ltd. All rights reserved

Sharing disabled by cookie consent preference.

Other News

© 2014 Cecile Park Publishing Ltd. Privacy Policy | Terms and Conditions | Sitemap
Address: 17 The Timber Yard, Drysdale Street, London, N1 6ND, UK | Phone: +44 (0)20 7012 1380 | Email: