Contributed By Vondst Advocaten N V
Discuss any significant audits, investigations or penalties imposed for alleged cyber-security violations or data security incidents or breaches.
As discussed above, the AP imposed a penalty on Uber for violating data breach notification obligations in 2018.
Pursuant to a report of the AP on personal data breach notifications received in 2018, it received 20,881 personal data breach notifications in 2018, and information on 62 cross-border personal data breaches from other DPAs. The AP has announced that personal data breaches that are not notified in accordance with the GDPR are a focus point for 2019, and that violation of the notification requirement will more often result in sanctions. In its report the AP indicates what actions it has taken in follow-up to data breach notifications, including giving advice to companies (eg, about security measures to be implemented), requesting additional information concerning the personal data breach reported, sending a letter to explain the applicable rules, initiating discussions with companies on the applicable rules and initiating an investigation in follow-up to a data breach notification.