Please note: The algorithm descriptions in English have been automatically translated. Errors may have been introduced in this process. For the original descriptions, go to the Dutch version of the Algorithm Register.
Advising on data breach notification
- Publication category
- Other algorithms
- Impact assessment
- Field not filled in.
- Status
- In use
General information
Theme
Begin date
Contact information
Link to publication website
Responsible use
Goal and impact
The algorithm helps objectively determine whether a data breach should be reported to the Data Protection Authority and to data subjects.
Considerations
The algorithm helps to objectively determine whether a data subject needs to be informed.
Human intervention
There is always a human decision involved. The system gives an advice based on a number of questions. An employee decides whether the advice is accepted or not.
Risk management
No personal data will be processed.
Legal basis
Under the General Data Protection Regulation (AVG) and the Police Data Act (Wpg), it is mandatory to report data breaches to the Personal Data Authority and data subjects.
Links to legal bases
- Artikel 33 en 34 AVG: https://eur-lex.europa.eu/legal-content/NL/TXT/HTML/?uri=CELEX:32016R0679&qid=1685451198313#d1e3423-1-1
- Artikel 41 en 41 UAVG: https://wetten.overheid.nl/jci1.3:c:BWBR0040940&hoofdstuk=4&artikel=41&z=2021-07-01&g=2021-07-01
- Artikel 33a Wgp: https://wetten.overheid.nl/BWBR0022463
Operations
Data
information on the likelihood and impact of the incident (no data on those involved)
Technical design
Step 1: The algorithm works for all kinds of countries around the world. A jurisdiction is chosen (the Netherlands). For the Netherlands, the rules as drawn up by the Personal Data Authority (AP) are considered.
Step 2: An employee indicates in the system whether there was actually an incident where personal data was leaked.
Step 3: An employee indicates the likelihood of harm to data subjects.
Step 4: And employee indicates the extent of the impact to data subjects.
Based on this information, it is determined whether the AP should be informed (if there is a chance of harm) and whether data subjects should be informed (if the impact for data subjects is high).
Based on the advice, tasks are proposed for the employee to perform. If the employee is not going to perform the task, a reason must be given in the system.
External provider
Similar algorithm descriptions
- The AP uses this algorithm to classify data breach reports by severity. Based on that classification, inspectors can prioritise serious reports. The algorithm does not contain any personal data.Last change on 11th of October 2024, at 9:33 (CET) | Publication Standard 1.0
- Publication category
- Other algorithms
- Impact assessment
- Field not filled in.
- Status
- In use
- The algorithm (classification model) supports in processing an application for a Short Stay Schengen Visa. This is called Information Supported Decision Making (IOB).Last change on 11th of June 2024, at 13:28 (CET) | Publication Standard 1.0
- Publication category
- Impactful algorithms
- Impact assessment
- DPIA, IAMA
- Status
- In use
- Data analysis for insight and overview of the administrative measure area ban.Last change on 13th of December 2024, at 10:27 (CET) | Publication Standard 1.0
- Publication category
- Impactful algorithms
- Impact assessment
- Field not filled in.
- Status
- In use