Mandatory data breach notification

Summary
The data breach notification duty applies under the General Data Protection Regulation and makes it necessary to make a notification in the event of a (suspected) data breach. Below is information on the protocol Fontys follows and how to do so within Fontys ICT.

Reporting data breaches: what, how and where?

With the introduction of the mandatory data breach notification as of 1 January 2016, Fontys ICT has an obligation to report possible data breaches to the Corporate Information Security Officer (CISO) of the Fontys University of Applied Sciences.

Not every suspicion has to be a data breach. A data breach is defined by the Personal Data Authority 1) defined as a security incident involving personal data where unlawful access, processing or loss has occurred.

These include:

Not sure if you have a data breach? If so, contact the information manager to discuss the case.

At Fontys level, a form is available for reporting data breaches. Fontys ICT operates according to this protocol.

Tips to prevent data breaches?

1)
Data breach notification obligation [article]. Retrieved 28 March 2019 from https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/beveiliging/meldplicht-datalekken