Report a data breach

Have you discovered a (possible) data breach? Please notify us as soon as possible, but in any case within 24 hours after you have detected the data breach. You can do this via Mention in your email: your name, your telephone number, possibly the organisation you work for and a short description of the data breach.

Once we have received your report, we will contact you by telephone for more information, so that we can take measures to minimise the possible consequences. We then assess the seriousness of the data breach and determine if the data breach must be reported to the Dutch Data Protection Authority and to the person(s) involved.

What is a data breach?

We speak of a data breach if personal data of our customers, relations or employees has been lost or accessible where it shouldn’t. This is the case if personal data falls into the hands of third parties who should not have access to that data.

Examples of data breaches are: a lost USB stick with personal data, a stolen laptop or a hacker breaking into a data file.

Why do I have to report a (possible) data breach?

Since January 1, 2016, the data breach reporting obligation applies. This means that organisations must immediately (within 72 hours) inform the Dutch Personal Data Authority as soon as they have observed a serious data breach. And sometimes they also have to inform the data breach to the person(s) involved (the people whose personal data has been breached).

What if I doubt whether there is a data breach?

Are you unsure whether there is a data breach? For example, because it is unclear whether personal data has been lost or has been processed unlawfully? Our request is to inform us of any possible data breach. Rather once too much reported than once too little.