Data breach notification in NL now!

By | Wednesday October 21st, 2015

I was in the Netherlands last week at the Heliview Privacy conference and found that in the Netherlands, starting from January 1st, 2016, data breaches must be notified to the authority and to the data subject.

The non-compliance fines are set to 810.000 euro or an impressive 10% of the company turnover.

Here you can find more information if you know Dutch or use Google translator…

It is good to see that discussions are starting about how to apply the new law and how to interpret the meaning of some key words such as “severe” data breach.

This law follows a common trend in Europe, started by the national DP authorities, to anticipate the most important concepts of the EU DP Act that will be approved sometime in the future. For example, I have seen the same data breach notification obligations in Italy for the Telco, Internet Providers, Health Care and Banking (moral suasion) sectors.


About Alessandro Vallega

He is Security Business Development Director for Oracle EMEA. He has the responsibility to lead a cross-functional team on the GDPR (General Data Protection Regulation, EU 679/2016) at EMEA level (marketing, legal, sales, training, technology). He founded and coordinates an external blog on the same topic. He has defined a European methodology to evaluate the database security degree of a data center and the advantages of identity and access management technology. He founded in 2007 the Oracle Community for Security, and in that context led the creation of several publications about security and privacy in the cloud, with mobile, in social media, in healthcare, on return on security investments, about the role of the CISO, and on how to prevent fraud. He is an author of the Italian annual ICT Security Report by CLUSIT and he is part of the CLUSIT board of directors.

2 thoughts on “Data breach notification in NL now!”

  1. Sergio Fumagalli

    Not only the national Privacy Commissioners are introducing data breach notification: the Bank of Italy has issued a regulation that requires banks to notify severe data breaches to the bank surveillance authority.
    So the discussion about what is the meaning of “severe” is open. I hope that “severe” won’t mean from earthquake or terrorist attack up only.
