
Notification of security incident and/or suspected data breach

Deloitte The Netherlands has a reporting obligation for Deloitte relations. On this page you can find the notification form and the information about the reporting obligation.

Since 1 January 2016, the obligation to report data breaches has been in force. This reporting obligation means that organisations (both companies and governments) must immediately report a serious data breach to the Dutch Data Protection Authority. In some cases they must also report the data breach to the data subjects (the people whose personal data has been leaked).

What is a data breach?

A data breach involves access to or destruction, alteration or release of personal data at an organisation without this being the intention of this organisation. A data breach therefore includes not only the release (leakage) of data, but also unlawful processing of data.

A data breach is a breach of the security of personal data (as referred to in Article 13 of the Personal Data Protection Act). In the event of a data breach, the personal data is exposed to loss or unlawful processing - i.e. to what the security measures are intended to protect against.

For whom is the obligation to report intended?

All relations, suppliers, customers and other third parties have an obligation to report a possible data breach with Deloitte data or Deloitte-related data. Examples include:

  • Sending an email with Deloitte data to the wrong person.
  • A lost USB stick with Deloitte data.
  • A stolen file or laptop.
  • A break-in to a database by a hacker.

What should I (not) do in the event of a suspected data breach or security incident?

Any security breach, incident or irregularity, or any indication of a possible one, must be reported to Deloitte immediately, without delay and in any event within 36 hours, using this report form.
Deloitte's client is not permitted to contact or communicate about this with regulators, data subjects or other third parties without Deloitte's prior explicit written consent. The further handling of any incident or possible incidents is exclusively reserved for Deloitte.

You can contact Deloitte's Security Officer:

Name: Marc de Vries
Phone: +31 (0)6 55 85 32 66
Email: MJTdeVries@deloitte.nl

Below you will find the security incident and/or suspected data breach notification form. After completing the form, you can scan it and send it to the Security Officer.

Security incident and/or suspected data breach notification form