Richard van Schaik and Róbin de Wit write:
The Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) revealed that almost 5500 data breaches have been notified since the legislation on mandatory data breach notification duties entered into force on 1 January 2016. Pursuant to this legislation, it is mandatory for all types of data controllers to notify data breaches to the AP and, under circumstances, also the individuals affected by the data breach.
Read more on DLA Piper Privacy Matters.