Notification of data breaches to the Dutch supervisory authorities

Data breaches subject to the notification obligation, as prescribed by the GDPR, may be submitted online at https://datalekken.autoriteitpersoonsgegevens.nl/melding/aanmaken?1.

In the event of a data breach, data subjects’ rights may be restricted, as described in Section 11 “Rights of the data subjects”.

Exceptions for financial companies

Article 42 UAVG exempts financial undertakings, as referred to in the Financial Supervision Act (Wet op het financieel toezicht), from the obligation of communicating the personal data breach to data subjects, as prescribed by Art. 34 GDPR. Instead, provisions of sector-specific laws apply.