Obligation to report data breaches
Organisations (both companies and governments) that lose personal data or carry out unlawful processing of personal data are legally obliged to report this to the supervisory authority (the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)). This obligation is known as the obligation to report data breaches.
Data breach
A data breach involves access to or destruction, modification or release of personal data at an organization without the intention of this organization. A data breach therefore includes not only the release (leak) of data, but also unlawful processing of data. We speak of a data breach if there is a breach of the security of personal data (as referred to in the GDPR).
Examples of data breaches
Think, for example, of a lost USB stick with personal data, a stolen laptop or a hacker's break-in into a database.
A data breach at enexis or parties associated with it?
Enexis is responsible for a large number of personal data. If there is a data breach of personal data for which Enexis is responsible, you must report this to Enexis. Enexis assesses the report and takes appropriate measures.
A data breach at an enexis supplier of personal data?
Always report a (possible) data breach to Enexis by telephone as soon as possible. You can do this by calling 088-8574444 and then selecting extension number 3.