Data Breach Management


Data Breach Management

Deloitte Cyber & Privacy Risk Services

With the upcoming impactful changes of the Dutch Personal Data Protection act, it is important to stay informed and meet new personal data protection challenges. The Deloitte Privacy Team can help with setting up needed data governance structures, processes and policies to help your organization handle a possible data breach.

As of the 1st of January changes will be made to the Dutch Personal Data Protection Act. Among these changes will be the introduction of the personal data breach notification and the extended right for the Dutch Data Protection Authority (“DPPA”) to impose extensive fines. Whilst these changes can be hard for organizations to handle, it can also be seen an opportunity for enhancing and optimizing your work processes.

The most important new rules are the following:

  1. Your organization will be obliged to report security or data breaches to the DDPA, when these breaches may adversely affect the privacy of the individual concerned.
  2. Data breaches that are relevant to the data subject have to be reported to this subject directly, which requires effective communication.
  3. The DDPA can distribute penalties based on violations of legal obligations that go beyond the newly introduced broad data breach notification obligation, with a maximum fine of € 810.000.
  4. Data breaches are no longer reported to the Authority for Consumers and Markets, but to the DDPA.

With these new rules it becomes even more important to interpret these rules in the right way and embed them in your organization’s processes. In addition to this, it might be a challenge to meet the DDPA’s requirements of strict monitoring in order to detect data breaches.


How can we help?

Our multi-disciplinary Privacy Team can help you with setting up the needed data governance structures, processes and policies to monitor these data flows, detect data breaches and manage them in a streamlined and efficient way. We can also provide First Aid on the short term when needed, and if a crisis cannot be avoided our Resilience & Crisis Management Team can help to respond to and recover from a data breach crisis.

More information on the changing Dutch Personal Data Protection Act and our Privacy services can be found in the flyer.


Know more on data breach management?

Do you want to know more on data breach management? Please contact Annika Sponselee at +31 (0)6 1099 9302 or Theodorus Niemeijer at +31 (0)88 288 1978.

Data Breach Management


Annika Sponselee

Annika Sponselee


Annika Sponselee is Partner at Deloitte Risk Advisory and heads the Privacy Team. This Privacy Team exists of 20 privacy experts, all dedicated to and qualified in their field of expertise (i.e. legal... Meer

Theodorus Niemeijer

Theodorus Niemeijer


At Deloitte The Netherlands I lead the crisis and resilience practice within Strategic & Reputation Risk. I focus on and specialise in designing, implementing and evaluating crisis management and busi... Meer

Gerelateerde onderwerpen