Today the Royal Decree setting the date of entry into force of the Bill on Notification of data leaks was published. The law will take effect on 1 January 2016 and introduces an obligation on data controllers in the Netherlands
Dutch Data Protection Authority
Breach notice becomes law in the Netherlands; 11 things to know
On 26 May 2015, the Dutch Senate passed the Bill on Notification of data leaks. The law imposes an obligation on “data controllers” (the persons or entitis that determine the purpose of and means for processing personal data) in the Netherlands to notify the Dutch Data Protection Authority (CBP) and affected individuals. The law may require data controllers to update agreements with their data processor to account for breach notice obligations. The law also increases fines for violations of the Dutch Data Protection Act (DPA) to up to €810,000 or 10% of the company’s net annual turnover. Both data controllers and data processors (who may be deemed “accomplices” in the breach) may be subject to the fines.