The ministry of Economic Affairs has a bill published on a reporting obligation for data breaches. According to the proposal, parties that personal data losses it is required to report to the CBP and the affected people.
The proposal is published on Internetconsultatie.nl. Participation is possible until the end of February. The proposed legislation states that any party that processes personal data and it loses, for example, by a hack, this immediately to the board for the Protection of Personal data should report. In the report the leak may be described as well as the measures taken to mitigate the consequences. Also to all the affected people to be informed about the hack, except if the leaked data is encrypted.
The CBP can be a fine of up to 200,000 euro will impose, if an organization fails to make a report, and so the reporting requirement circumvents. This relatively high amount should be according to the framers of the reporting obligation is to make clear that transparency in a datalek a necessity, as well as sufficient securing systems.
Bits of Freedom, which has long strived for a reporting obligation for data breaches, is broadly satisfied with the bill. However, the organization made some improvements; it could be that various criteria must be strengthened because it is too vague or subjective. Also, a datalek not only on the website of an affected party should be reported. Bits of Freedom calls for disclosure of all notifications to the CBP.