Data breach

A data breach happens in a flash: an email with a sensitive attachment sent to the wrong recipient, using the TO or CC field instead of the BCC field in external mailings, or clicking on a link in a phishing email. 

A data breach involves access to or destruction, alteration or loss of personal data at an organization without the intent of that organization.   

The data breach triage team assesses whether there is a data breach, whether the Personal Data Authority (AP) and/or whether the data subjects (those involved need) to be informed. A data breach must be reported to the AP within 72 hours after its internal discovery.   

In addition, the data leak triage team investigates whether the breach can be undone or damage limitation measures can be taken. It is therefore important that the person who has caused or discovered the data breach reports it as soon as possible. In that case, the data breach triage team can give instructions. If we work together quickly and well, we will improve the security of personal data within NHL Stenden.  

What can you do?   

  • Report a data breach to us as soon as possible via the link at the bottom of this page;  
  • If the 72-hour deadline has already passed, please still report the data breach and explain why it has been reported later;  
  • Inform your colleague or fellow student who has caused the data breach and ask them to report it immediately;  
  • In the case of a wrongly sent e-mail that was sent internally, you can try to retract the e-mail yourself or request Service Square to do this for you;
  • If the withdrawal does not work or the e-mail was sent to someone outside NHL Stenden (not send to a NHL Stenden e-mail address), please ask the wrong recipient to delete the e-mail without opening, also from the recycle garbage can, and to also confirm this to you by e-mail;  
  • Be as complete as possible when filling in the data breach form and upload the documents that relate to the data breach (e.g. the relevant email or a screenshot, the email in which you requested the email to be deleted and the confirmation of such deletion); 
  • Follow the instructions of the data breach triage team; 
  • When in doubt, always report the data breach.   

What would you rather not do? 

  • Wait to report the data breach for whatever reason;  
  • Try to make your own assessment of whether there is a data breach;  
  • Inform others than the data breach triage team about the data breach (only do this if instructed to do so); and  
  • Attempt to cover up a data breach or remove or alter information about the data breach (a data breach can happen and we need all the information we can get to make a proper assessment). 

If you experience problems filling in the report form or if you want to consult first, please contact the CISO or the DPO immediately. 

For (general) questions you can contact the privacy and security team.  

E-mail address: 

Employees, students/course participants can report the data breach HERE

Externals can report the data breach HERE

To report a phishing email, click HERE 

Thank you for joining us in ensuring your and our privacy! 

Recent Posts