The Dutch government proposed a bill to parliament concerning the notification of data security breaches (Meldplicht datalekken). The bill states that an entity must notify the Dutch Data Protection Authority immediately about any data security breach where it can reasonably be expected that the breach has a considerable chance of impacting negatively the protection of personal data processed. Also, if the breach is likely to have adverse consequences on the privacy of data subjects, these data subjects must be notified immediately. Notification to the data subject is not required if adequate technical protection measures were implemented through which the personal data were encrypted or were otherwise made unusable for unauthorized persons.
The bill is currently being discussed in parliament.
The preparatory works can be found on http://bit.ly/14IsWNh