Menu

Filter by
content
PONT Data&Privacy
  • PONT home
    • mill

    0

    Data breach
    Een datalek is een inbreuk die plaatsvindt op de beveiliging van persoonsgegevens binnen een organisatie. Hierbij is bijvoorbeeld sprake van ongeoorloofde toegang, vernietiging of verandering van persoonsgegevens.

    Fine PVV Overijssel for failure to report data breach

    The Autoriteit Persoonsgegevens (AP) is fining the Party for Freedom (PVV) Overijssel 7,500 euros. The PVV Overijssel is receiving this fine because the party failed to report a data leak to the AP. Because of this data leak, people's political opinions were leaked.

    Autoriteit Persoonsgegevens
    11 May 2021

    News press release

    News press release
     
    The data breach arose via an e-mail about a constituency meeting. In it, 101 recipients were referred to as "friends of the PVV. Due to an error by a group employee, the e-mail addresses (and thus mostly the names) of the addressees were visible to everyone who received the invitation. As a result, the political views of the addressees were shared.

    Complaint

    The data breach came to the AP's attention after one of the addressees filed a complaint with the AP about the privacy violation. It then turned out that PVV Overijssel had not adequately dealt with this data leak by timely reporting it to the AP. That is a serious violation, especially given the sensitivity of the leaked information.

    Extra protected

    A person's political views are given extra protection in the General Data Protection Regulation (GDPR). They are so-called special personal data. Because this is sensitive information that is very private and that a person may keep to himself, stricter rules apply to the processing of this data.

    Risk

    If the confidentiality of this sensitive information is breached, it can put someone at great risk. It can lead to discrimination, for example. And affect someone's existing or future social position.

    Great responsibility

    Thus, by definition, a political organization processes sensitive information. Therefore, political organizations have a great responsibility to maintain a high level of protection. And to act adequately if, despite security measures in place, there is still a data breach.

    Duty to report data breaches

    In the event of a serious data breach, a notification obligation applies. This mandatory data breach notification means that both companies and governments must immediately (and in principle within 72 hours at the latest) notify the AP. It is essential that an organization report a data breach to the AP immediately. The AP can then help that organization limit the damage to the people affected. This includes providing instructions on how to plug the leak quickly and prevent future data breaches. The AP can also instruct the organization to quickly inform the victims of the leak. So as soon as PVV Overijssel knew about the data leak, the party should have reported it to the AP within 72 hours. But this did not happen. The PVV Overijssel does indicate that it has taken measures to prevent such a data leak in the future.

    Share article

    Comments

    MORE REACTIONS

    Leave a comment

    You must be logged in to post a comment.

    NEWS

    person holding black smartphone near black computer keyboard

    Kabinet: Odido-datalek onderstreept belang van gegevensbeveiliging, geen losgeld bij cyberafpersing

    News/press release

    Kamercommissie krijgt wegens Odido en andere datalekken mogelijk AVG-briefing

    News/press release

    AP en RDI starten onderzoek naar Odido

    News/press release

    3 vragen over de datalek bij gemeente Epe

    News/press release

    Zaterdag 14 maart maakte gemeente Epe bekend dat er gegevens waren gelekt. Op dat moment was de omvang van het datalek nog niet bekend. Inmiddels weten ze dat de hack is gedaan door...

    Tientallen Nederlandse SharePoint-servers bevatten actief misbruikt lek

    News/press release
    Security.nl

    AP: Data breaches due to misuse of personal data at municipalities often remain undetected

    News/press release

    HAN fined €175,000 for inadequate protection of personal data

    News/press release

    NCTV leak continues: minister cannot fully assess damage

    News/press release

    Patient data at risk: Healthcare and Youth Inspectorate demands action

    Blog
    Bram Hautvast

    Privacy laws in detection

    You will be informed about legislation that applies to data processing by BOAs. You will learn when your BOAs must comply with the Wpg, when with the AVG and what the main differences are. You will also learn what steps need to be taken to comply with the Wpg.

    Learn more

    DPIA practice day

    Work with course instructors through the entire DPIA process and cover various practical DPIA models. Thus,DPIA becomespart of privacy risk management.

    Learn more

    Cursus: Inzage- en verwijderverzoeken

    Individuals are increasingly invoking their privacy rights. For example, they ask for a copy of their data or, on the contrary, demand that the organization erase all their data. This raises complex questions. It is a challenge for many organizations: how can they fulfill all these requests efficiently but also properly? On the one hand, privacy compliance is important; on the other hand, you do not want to disadvantage your own position of proof in any future proceedings. A tricky matter with many pitfalls. This course gives you the tools to handle privacy requests efficiently and compliantly. The instructor uses many practical examples and concrete cases are worked out together so that your practical questions are directly addressed.

    Learn more

    Expert membership

    Expert membership

    Benefit now

    E-course DPIA

    Upon completion of the e-learning DPIA, you will have a complete understanding of the theoretical and legal framework of DPIAs. All aspects are covered, including: when a DPIA is mandatory, what the substantive requirements are, and what standards and regulations apply to DPIAs. You will also be explained practical DPIA models.

    Learn more

    Join PONT | Data & Privacy

  • Access to Knowledge Base
  • Read e-books
  • Contact with peers
  • Own news overview
    • BECOME A MEMBER

    General

    Service

    Navigate

    Berghauser Pont Media Group

    CONTACT

    𝕏

    Copyright 2026 Berghauser Pont | Website created by Buro Zero