Most of the time, yes. It depends on how the data breach affects you and other people.
For example, did hackers steal credit card information? Or has a copy of your ID been leaked? If so, this poses a great risk to you. Criminals can make purchases in your name, for example. But a leaked e-mail address can also have consequences, because phishing is becoming increasingly common.
If there is a risk of unpleasant consequences, the organization must report the data breach to the AP. If there is a high risk, the organization must also let you know what happened. And what the consequences are for you.
Have you been the victim of a data breach? Depending on what data has been leaked, there are several things you can do. For example, change your passwords. Especially if you used the same password on multiple sites. And be alert for suspicious emails or unknown debits to your bank account.
Do you suspect that your data has been leaked, but do not receive a notice? If so, contact the organization involved first. You can also submit a data breach to the AP.
Also read the story of Gerrit (72) who had to deal with a data breach as well as a car break-in.
Source: https://www.autoriteitpersoonsgegevens.nl/vraag-van-de-maand/moet-een-organisatie-het-mij-laten-weten-als-mijn-gegevens-zijn-gelekt, accessed January 20, 2025.
