1. Thuis
  2. Privacy & Voorwaarden
  3. Data breach
  4. Data breach form

Report data leak – companies/processors

The obligation to report data leaks as stated in the General Data Protection Regulation (GDPR) means that companies must report a data leak to the Dutch Data Protection Authority within a short period of time. Due to this law, we require you to report a breach of the security of personal data at your company within 24 hours after detection via this form. If you have any questions about this form, please send an email to data.protection.netherlands@vattenfall.com

Company data

For example: 1234 AB

Describe the data breach

Describe in full detail the cause and (possible) results of the data breach for the personal data protection.

Contact person 

For example: 061234567
We sturen een bevestiging naar dit adres.

When did you detect the breach?

In hours and minutes, for example 10:15

When did the breach occur?

Describe the group of people whose personal data is affected by the breach

Multiple answers possible.

What is the nature of the breach?

Multiple answers possible.

How many people’s data has been affected?

Report a minimum and maximum number.

What type of personal data is involved?

Types of personal information are:

  • Name, address, city data
  • Telephone numbers
  • Email addresses or other addresses for electronic communication
  • Authorisation or identification data (e.g. login, password, customer number)
  • Financial data (e.g. bank account number, credit card number)
  • Social security number
  • Passport copy or copy of other id documents
  • Gender, birth date and/or age
  • Special/sensitive information (medical data etc.)
  • Other data (please describe)

Has the personal data been encrypted, hashed or otherwise rendered incomprehensible or inaccessible to unauthorised parties?

Describe the situation. When rendered incomprehensible, please describe how this was done.

Does the data breach concern personal data of European Union citizens apart from the Dutch?

What technical and/or organisational measures has your company implemented?

What measures has your company implemented to tackle the breach and to prevent further breaches?