Since 1 January 2016, the obligation to report data breaches has been in force. This reporting obligation means that organisations (both companies and governments) must immediately report a serious data breach to the Dutch Data Protection Authority. And sometimes they also have to report the data breach to the data subjects (the people whose personal data has been leaked).
A data breach involves access to or destruction, alteration or release of personal data at an organisation without this being the intention of this organisation. A data breach therefore includes not only the release (leakage) of data, but also unlawful processing of data.
A data breach is a breach of the security of personal data (as referred to in Article 13 of the Personal Data Protection Act). In the event of a data breach, the personal data is exposed to loss or unlawful processing - i.e. to what the security measures are intended to protect against.
All relations, suppliers, customers and other third parties have an obligation to report a possible data breach with Deloitte data or Deloitte-related data. Examples include:
Any (indication of a possible) security breach, incident or irregularities must be reported immediately, without delay and in any event within 36 hours, using this report form, to Deloitte.
Deloitte's client is not permitted to contact or communicate about this with regulators, data subjects or other third parties without Deloitte's prior explicit written consent. The further handling of any incident or possible incidents is exclusively reserved for Deloitte.
You can contact Deloitte's Security Officer:
Name: Marc de Vries
Phone: +31 (0)6 55 85 32 66
Email: MJTdeVries@deloitte.nl
Below you will find the security incident and/or suspected data breach notification form. After completing the form, you can scan this form and send it to the Security Officer.
Security incident and/or suspected data breach notification form