On January 1, 2016, a Dutch law became effective that (1) includes a general obligation for data controllers to notify the Data Protection Authority of data security breaches, and (2) authorizes the Data Protection Authority to impose direct fines for violations of the Data Protection Act.
Continue Reading