Data breach notification obligations already exist in the Netherlands as of January 2016. With the entry into force of the GDPR in 2018, data security and data breach (notification) obligations are unified across the EU. However, despite the GDPR’s intention to provide a level playing-field across the EU, interpretation and enforcement of security and data breach notification obligations may still vary across EU countries. In this blog post, we discuss the AP’s approach towards – and enforcement of – data breaches, including the AP’s GDPR fining policy.
Read MoreWe provide an outline of what information should be documented by a controller, under Article 33(5), in order to enable a supervisory authority to verify the controller’s compliance with Article 33. This is set out by reference to each of the subsections of Article 33.
Read More