Skip to main content

How can we help you?

  • 10-12-2015


As of 1 January 2016 companies, public bodies and other organisations that process personal data have an obligation to immediately report personal data breaches to the Dutch Data Protection Authority (College Bescherming Persoonsgegevens ("CBP")). Yesterday, the CBP published its Policy Rules on the duty to notify personal data breaches ("Policy Rules"). The Policy Rules are intended to support businesses in complying with the notification duty and also serve as the CBP's point of departure when applying enforcement measures. This Update provides an overview of what you need know about the breach notification duty. As of one January 2016 the CBP will change its name to Autoriteit Persoonsgegevens. This Update therefore makes reference to Autoriteit Persoonsgegevens, rather than the CBP.

Please read more on this topic in our newsletter.

Cookie notice

Our website only uses cookies when you play video content. Video content is streamed from Vimeo. Our website does not use tracking cookies and/or third party cookies when you do not play video content. Please read the privacy/cookie policy for more information.