Data breaches

Nowadays, it is almost a fact of life that organisations are faced with a data breach at one time or another. It is important that organisations take immediate action if they become the victim of a data breach to ensure that the damage for the victims is minimised. Because data breaches may have significant consequences, such as identity fraud.

On this page

  1. General information

Fortunately, there is a lot that organisations can do to prevent data breaches or reduce their consequences. For example, by taking adequate security measures.

Quick answers

What do I have to do if my bank account number may have been leaked?

Did you receive a message from an organisation that they have become the victim of a data breach? And that bank account numbers have been leaked as a result? This is what you can do in such case:

  • Be alert to phone calls or messages by email, text or WhatsApp in which people try to obtain information from you, such as your PIN code. Your bank will never ask you to provide a certain code or to send your bank card to a certain address, and certainly not in this way.
  • Pay frequently attention to any debits from your bank accounts. Criminals may use your bank account for buying things.
  • For more information see (in Dutch).

What is meant by 'data records' in the data breach notification form?

In the data breach notification form you are asked to indicate how many data records (data registers) have been affected by the breach. A data record is a record of information about a specific person. A data record may comprise multiple (categories of) personal data.

Is a data record part of a table? Then the term 'data record' usually means a row in a list. For example a row in an Excel file: in that case, 1 row in the list is 1 data record.

Examples of data records

  • A purchase at an online shop is 1 data record. The data record may consist of, among other things: product or products ordered, purchase amount, time of ordering, name and address details, email address and any other data about the purchase. Does the customer make a purchase at an online shop at various times? Then the online shop records each purchase in a separate data record. An online shop may therefore have multiple data records on the same customer. 
  • A copy of a passport is 1 data record. Apart from someone's name and date of birth, this passport also contains other personal data, such as someone's passport number.
  • Does a hospital use logfiles for recording who had access to a medical file at what time? Then every log is 1 data record.

Does an online shop use logfiles for recording who added a product to a shopping cart at what time? Then every log entry is 1 data record.

Where can I ask questions about the obligation of my organisation to report a data breach to the supervisory authority?

Do you want to ask the Dutch DPA a question about reporting data breaches? Then you can call 088 - 1805 255. You pay your usual telephone costs.

Gerelateerde thema's en onderwerpen


Security of personal data

A proper security of personal data is one of the basic principles of the GDPR privacy law for a reason.
Go to subject