The Upper House of the Dutch Parliament passed a bill (the Act) on the 26 May which introduced an obligation for data controllers to notify the Dutch Data Protection Authority (DPA) of any data security breaches and provide increased sanctions for violations of the act.

Under the Act data controllers will have an obligation to notify the Dutch DPA of any data security breaches that have or are likely to have serious adverse consequences for the protection of personal data. Notifications to the DPA should include the following information:

  • the nature of the breach;
  • entities or bodies that provide further information on the breach;
  • expected consequences of the breach for the data processing; and
  • measures taken to mitigate and deal with the breach.

Organisations may be fined up to 810,000 Euros or 10% of their annual net turnover if they fail to notify the Dutch DPA of a data security breach.

For further information, please click here