An obligation to report a personal data breach has been included in the General Data Protection Regulation (GDPR). Organizations are obliged to notify their data protection authority (in the Netherlands this is the Dutch Data Protection Authority) about serious personal data breaches, and, in some cases, also the data subjects (the persons involved).
Via this webpage employees, hired employees, clients and research partners of CentERdata and CentERdata’s data processors can easily report a personal data breach.
A personal data breach must be reported as quickly as possible to the Data Protection Officer (DPO) of CentERdata (email@example.com). Employees and temporary staff of CentERdata are obliged to report a personal data breach within 6 hours. Please note: this concerns clock hours not working hours!
A breach of security that accidentally or unlawfully leads to unauthorized or unintended access to personal data. This includes the destruction, the loss, the change or the disclosure of the data.
There are three types of personal data breaches:
Examples of personal data breaches are:
Personal data is any data that can be used to identify a person. You can think of:
Every breach of security must be registered internally. In case of doubt, act as if there is a serious personal data breach. Better safe than sorry!
A personal data breach must be reported to the supervisory authority within 72 hours. By reporting a personal data breach within 6 hours, CentERdata still has more than enough time to investigate the circumstances of the personal data breach.
If CentERdata has the role of processor, we can report the personal data breach to the controller in time.
CentERdata’s DPO examines the report and subsequently determines whether the controller, the supervisory authority and/or the data subjects must be informed. The DPO can also request additional information.
Employees, temporary staff, clients, research partners, and suppliers are expected to provide all information necessary to inform the right authorities and people.