Skip to main content

Clifford Chance

Clifford Chance


New Dutch security breach notification rules: are you prepared?

2 December 2015

As of 1 January 2016, new rules will enter into force under the Dutch Data Protection Act. Data controllers will be obliged to notify the Dutch Data Protection Authority, and, in certain cases, also data subjects of serious security breaches impacting personal data. In addition, the Dutch Data Protection Authority's powers of enforcement will be significantly enhanced, allowing for the imposition of fines for data protection violations up to EUR 820,000 or even 10% of a company's annual net turnover per violation. At the same time, the enforcement of the Data Protection Act is said to be intensified, all of which makes compliance a risk control topic to be addressed at a board room level. This briefing discusses the new rules and the preparatory actions to be taken.

Download PDF