New Netherlands notification requirements will change data controllers’ view of cybersecurity

Effective 1 January 2017, Dutch data protection law requires organizations to notify the Dutch Data Protection Authority within 72 hours of “a breach of security […] which results in a significant chance of severe detrimental effects or has severe detrimental effects for the protection of the private life". The data subject must also be informed if “the breach probably will result in adverse effects on their private life”. These obligations only apply if the Dutch Data Protection Act applies, for instance in situations wherein a Dutch entity is data controller.

Source: https://iapp.org/news/a/new-netherlands-notification-requirements-will-change-data-controllers-view-of-cybersecurity/

Country: Netherlands

Domains: Privacy

Tags: security breach, data breach notification, DPA, The Netherlands, privacy, data protection

Posted on Tuesday 7 June 2016

Previous item: « IANA transition milestone reached Next item: Towards the end of the monopoly of SIAE? »

Policy Observatory

New Netherlands notification requirements will change data controllers’ view of cybersecurity