What to do if your data has been breached?

If your data has been breached, you must immediately change your passwords, check all your online accounts and file a complaint with the organization that caused the breach. In case of serious damage, you can also file a complaint with the Dutch Data Protection Authority (AP). A data breach can have major consequences for your privacy and security, so acting quickly is important.

Let MijnRecht.AI analyze your situation for free

Analyse my situation

The short answer

In the event of a data breach, organizations must inform you within 72 hours if there is a risk to your rights and freedoms. As soon as you hear about a breach, immediately change all passwords for the accounts involved. Then check all your online accounts, bank accounts and credit card statements for suspicious activity. File a complaint with the organization that caused the breach and request measures. In case of major damage, you can also contact the Data Protection Authority.

What does the law say?

The General Data Protection Regulation (GDPR) requires organizations to report data breaches to the supervisory authority within 72 hours. If the breach is likely to pose a high risk to your rights, the organization must also inform you directly. You have the right to claim compensation if you suffer financial or immaterial damage due to the data breach. Organizations must take appropriate technical and organizational measures to prevent data breaches.

1Mandatory reporting by organization to DPA within 72 hours

2Duty to inform affected individuals in case of high risk

3Right to compensation for proven damages

4Obligation to implement appropriate security measures

What to look out for?

Pay close attention to which specific data has been breached - this determines what steps you need to take. Passwords, credit card details and personal information each require different measures. Document all the steps you take and keep correspondence with the organization. Remain alert for identity fraud, even months after the breach.

1What specific data has been breached

2How long the breach has existed

3What measures the organization has taken

4Whether there are signs of misuse of your data

Example from practice

Suppose an online store where you order regularly reports that their customer database has been hacked, including your name, address, email address and password. You immediately change your password for that store and all other accounts where you used the same password. You check your bank account and see suspicious transactions. You file a complaint with the store, request compensation and also report the incident to the AP because the store did not respond adequately.

What can you do?

Follow these steps systematically to optimally protect yourself after a data breach.

1Immediately change all passwords for affected accounts

2Check all your online accounts and bank accounts for suspicious activity

3File a complaint with the organization and request concrete measures

4Document all damages and correspondence for potential damage claims

5Consider a complaint to the AP if the organization responds inadequately

Conclusion

A data breach requires quick action to prevent further damage. By systematically securing your accounts and exercising your rights, you can limit the consequences. Do not hesitate to seek help if the situation becomes complex.

Frequently Asked Questions

How long does an organization have to inform me about a data breach?

Can I get compensation after a data breach?

What if the organization has not informed me about the data breach?

Do I always have to change my passwords after a data breach?

How long do I have to remain alert after a data breach?

What if the data breach occurred at a foreign organization?

Free analysis

Have a legal question?

Let AI analyse your situation and discover your rights and options instantly.