Dutch privacy authority Cbp (College bescherming persoonsgegevens) issued draft guidelines this month detailing the protocols data processors in the Netherlands should take when reporting a data breach. The clarification comes after a recent amendment to the Dutch Data Protection Act, which requires all data processors to notify Cbp of any “serious” data breaches beginning January 1, 2016. Failure to notify Cbp could result in fines of 10 percent of a data processor’s revenue, capped at €810,000. The guidelines instruct data processors on identifying leaks, when and how to report them to Cbp, and when they should notify the subject of the data breach. The Cbp called for comments on the draft to be submitted within four weeks.