A data breach is when personal details fall into the hands of third parties who should not have access to this information. Instances where a breach cannot be ruled out are also considered data breaches. Destroying personal details or rendering them unusable also constitutes a data breach. A data breach is always the result of a security incident and can occur by accident or deliberately. A security incident leads to a data breach if it involves personal data.
A data breach implies a violation of the Dutch Personal Data Protection Act (Wbp) and the future General Data Protection Regulation (AVG). These violations carry high administrative fines. As the law prescribes strict requirements to the time in which to report a data breach (within 72 hours), it is important that you immediately report a detected data breach to us without fail using the button on this page.You can read how we handle your notification in the University of Twente Data Breach procedure.