• Sarphatistraat 7
    1017 WS Amsterdam
    logo-gemeente-amsterdam (1)
  • Kastanjelaan 400
    5616 LZ Eindhoven
    eindhoven_pms485_liggend_bb (1)
  • Aert van Nesstraat 45
    3012 CA Rotterdam
    Group 47

Support after a data breach

Halsten is the legal business partner of an international organisation that processes a large amount of special and other personal data. We provide support for a variety of legal matters, including contract law and privacy law. The organisation experienced a sizeable data breach, not just once but twice within a few months. A data breach occurs when an unauthorised third party obtains access to personal data.

Anne-Mieke Verbunt, lawyer at Halsten Lawyers:

“At Halsten, we have proven experience with the process that follows the report of a possible data breach. In such cases, we immediately set up a crisis team and maintain an overview based on our legal expertise. Then, we advise, and quickly regain control over the situation.

After the incident has been reported to the Dutch Data Protection Authority, we take necessary the operational steps taking account of the time pressure involved. This includes contacting the data subjects, setting up a call centre for answering questions, organising interpreters for foreign data subjects, etc. We also immediately call in an independent third party to determine who bears ultimate responsibility. Based on our quick response, a thorough investigation and calling in the right experts, control is quickly gained of the situation, and subsequent legal steps can be taken, such as holding the party who caused the data breach liable, suspending outstanding invoices or levying pre-judgment attachment.”

Together with one of the privacy specialists on team Halsten, Anne-Mieke looks at this project and the approach: “With this client, but also in other cases involving a data breach, we need to work under considerable pressure to quickly determine exactly what is happening. Almost immediately after the data incident is discovered, measures must be taken to put an end to both the incident and the invasion of the privacy of the data subjects. A data breach or incident must be reported to the Dutch Data Protection Authority within seventy-two hours after discovery. This means that we immediately call together a crisis team of specialists. First, we take inventory to determine whether a data breach is involved, and therefore if unauthorised access to the data was obtained and thus the rights and freedoms of the data subjects were violated. After the report to the Dutch Data Protection Authority, a decision is made about informing the data subjects involved.”

Project managers

Project features

  • Swiftly switching gears: inventory of the situation is taken within seventy-two hours
  • Taking the right operational steps under pressure
  • Privacy specialist
  • Halsten for practical and legal support in the operations phase
  • Halsten as an experienced director of the legal affairs team in the event of data incidents
halsten divider copy 6
halsten divider copy 6