Have you ever forwarded an e-mail to the wrong student or lecturer? Or accidentally been able to view (personal) data that you probably shouldn't have? That can already be a data breach!
Personal data in the wrong hands
A data breach is not just about hacks or phishing, but can also take place on a much smaller scale. It concerns a situation in which personal data can fall into the hands of someone who should not have access to it. Think for example of a USB stick lying around, a paper participant list of a training course, a cyber attack, an e-mail with the wrong recipient, but also stolen hardware.
Always report to CERT within 72 hours
What do you have to do in case of a data breach? Always report a (suspected) data breach to the Computer Emergency Response Team (CERT-UU) via firstname.lastname@example.org. In this way we work together to protect our personal data. Often a data leak must then be reported to the Dutch Data Protection Authority (DDPA, Autoriteit Persoonsgegevens), the national privacy supervisor. The AVG prescribes that this must be done within 72 hours - weekends or public holidays just count in this case. Speed is therefore important!
CERT-UU can be reached seven days a week from 8.30 a.m. to 11 p.m. by e-mail at email@example.com or (in urgent situations) by telephone at (030) 253 5959.