The Dutch government proposes mandatory breach notification



The Netherlands government’s proposal for mandatory data breach notification would require all organisations to inform the Dutch DPA of security breaches. According to law firm De Brauw Blackstone Westbroek in Amsterdam, a failure to notify would be punishable by a fine of a maximum of EUR 450,000.

An organisation would have to notify any breach of security measures that could reasonably be expected to have a negative impact on the protection of the personal data it processes. In addition, individuals whose data may have been compromised would have to be notified if their privacy is at risk, unless the data concerned had been encrypted.

The government also proposes a fine for non-cooperation. The DPA could impose a fine of up to EUR 450,000 on companies which do not fully cooperate during an investigation or audit.

The Dutch DPA promotes self-regulation and has developed a number of audit products in a joint venture with audit and consultancy organisations.