Does a data breach occur at your organization where there is a risk of loss or unlawful processing of personal data? If so, you may be required to report it to the Autoriteit Persoonsgegevens (AP).
Whether or not you must report a data breach to the AP depends on the likelihood and potential severity of the data breach to the individuals affected. You will therefore need to make a risk assessment. If the data breach is likely to be high risk, you will also need to inform the data subjects about the data breach.
Do you mistakenly fail to report a data breach to the AP? If so, the AP may fine you. You may also be fined if you wrongfully conceal a high-risk data breach from those involved.
Do you provide public electronic communication services? If so, you also file your data breach notification with the AP.
