Since January 1st 2016 reporting data leaks is required by law in the Netherlands. This obligation is laid down in Article 34a of the Dutch Personal Data Protection Act (DPDA or in Dutch Wet bescherming Persoonsgegevens).
Dutch law thus implements the EU data protection directive and anticipates the General Data Protection Regulation (GDPR) that enters into application 25 May 2018. When the GDPR takes effect regulations will become the same for the entire European Union.
The DPDA requires Erasmus University Rotterdam to report data leakage. Examples of such incidents are the loss of a USB stuick with medical research data or an incident in which students results are visible on the internet. An incident has to meet certain criteria to require reporting to the responsible Authority. Therefore, not all security incidents result in reporting a data breach.
When a breach could have serious consequences for those involved, the law also requires the University to inform them about the data breach.
Should you become aware of a possible data leak, please report this as soon as possible to the USC Front Office via firstname.lastname@example.org or (010) 408 8880.
Because we attach great importance to carefully handling all information from the EUR, everyone is asked to report all possible data breaches, even if they do not relate to personal data.
If you need confidential treatment, you can report immediately to the Data Protection Officer of Erasmus University Rotterdam.