[21 December 2015]
Data leaks reporting obligation
What does this mean for you? Effective 1 January 2016, both private and public organizations processing personal data will be obligated to report any serious data leaks to the Dutch Personal Data Authority forthwith (Autoriteit Persoonsgegevens; previously CBP). Sometimes they must also notify the data breach to the data subject (the people whose personal data have been leaked). A serious data leak involves a security breach resulting in, inter alia, theft, loss or misuse of personal data. The Dutch Personal Data Authority may impose administrative fines of up to € 820,000 in case of reporting violations.
Examples of data breaches are: a lost USB stick containing personal data, a stolen laptop or an intrusion in a database by a hacker.
At Oaktree safety comes first!
Against the background of the new legislation, the motto is more than ever: Prevention is better than cure! Oaktree’s security experts will map out your IT infrastructure and guide you through the array of possible security measures suited for your organization, varying from the bare minimum security requirements to optimum, state of the art solutions. At the same time and with your help, we will analyze which near future adjustments your IT infrastructure will likely need to undergo to keep pace with your organization’s developments. And of course we will keep you informed of developments that might be of interest to your situation.
Current examples are:
Your organization is constantly changing. Regularly checking whether the IT infrastructure and the implemented security measures are still sufficiently practical and effective in providing the necessary protection. Oaktree recommends a periodic or ad hoc audit of your IT infrastructure in this respect. If applicable, the audit report will include specific recommendations for upgrades with a positive cost-benefit ratio.