De Pier Recreatie ensures proper security of personal data. The techniques available for this are constantly being updated. Unexpectedly, it may still be the case that this security is breached, for example by a hack, then there is a data leak and the data may end up in the wrong hands. Here is our procedure of what you can do and what we do when a data breach is detected.
Obligation to report data leaks
All organizations in the Netherlands are obliged to report data leaks to the Dutch Data Protection Authority, if there is a risk for those involved. We must also inform the victim (s) of the data breach about this if there is a risk of serious adverse consequences for them. The Dutch Data Protection Authority is the supervisor in the field of privacy.
What is a data breach?
A data breach is a breach of the security of personal data, whereby personal data ends up with someone who should not have access to that data, or data is inadvertently changed or lost without the data being backed up. This may concern the hacking of digital systems of [Company name] in which personal data is stolen, but also a stolen laptop, tablet or smartphone containing personal data or a lost USB stick with files on it.
Have you discovered a data breach?
Have you received confidential documents or gained access or insight into personal data that was not intended for you via one of our websites? Then we ask you to report this as soon as possible via firstname.lastname@example.org or by calling +31413262585 To be able to repair the leak as quickly as possible, the following information can be helpful, but we ask you not to share the data breach with others. :
- a description of the data that is visible to you
- the reproducibility
Do you actively abuse a data breach or incorrectly received personal data? Then we will report the matter to the police.
What do we do with a data breach?
As soon as we become aware of a data breach, we will take immediate action by carefully checking which data has been leaked and whether the person concerned may have been duped by the leak. If there is a real risk that the privacy of the injured party (s) has been violated, we will report the data breach to the Dutch Data Protection Authority. We also inform the injured party (s) and we help to minimize the risk of damage from the data breach.
If we report the data breach to the Dutch Data Protection Authority, we will report:
- the nature and extent of the leak;
- who it concerns and which personal data registrations it concerns and the numbers as far as we can determine them;
- who our data protection officer is;
- the consequences of the breach
- the measures we have taken.
If we inform the injured parties, we will report:
- the nature of the leak;
- who our data protection officer is and that further information may be requested from him;
- the consequences for the injured party;
- the measures we have taken.
Register data leaks
We do our utmost to prevent data leaks, should they occur, these leaks will be included in the Register of Data Leaks. This register contains the date on which the leak was found, what was leaked and how it happened, what the possible consequences are, the measures taken, who we have informed and whether or not a report has been made to the Dutch Data Protection Authority.