Data breaches at companies

Nowadays, people share all sorts of things on the internet, especially on social media. Think of messages on Facebook, Instagram, Twitter, and WhatsApp. When sharing these messages, people often do not consider their privacy.

In addition to sharing information about leisure activities, personal data is also shared with companies. This is almost always done via a contact form on a website, via a chat box, or on WhatsApp. As a company, it is crucial to protect this data. When a consumer shares something with a company, the company is responsible if this data becomes public.

In this article, you can read about the consequences of a data breach and what we can do for you as a company. We recommend that you read the entire article, because a data breach can put your company in serious trouble.

When does a data breach occur?

Your company is dealing with a data breach if third parties obtain personal data that is stored by your company, while they are not allowed to see it. It doesn’t matter how this data is leaked. As a company, you can’t hide behind anything. Even if you accidentally sent personal data to the wrong e-mail address, there is a data breach.

It is important to remember that the term "data breach" applies only when personal data is leaked, such as names, phone numbers, email addresses, and passwords.

What do you as a company have to deal with in the event of a data breach?

A Dutch company must report a data breach to the Dutch Data Protection Authority as soon as possible. By law, this must be done within 72 hours. You can do this via

The Dutch Data Protection Authority divides reports about data breaches into different levels. The Authority speaks of a serious data breach when a large amount of personal data is leaked, which can have a major impact on someone’s life.

A data breach is labeled ‘severe’ when the following data is leaked:

  • Login details
  • Medical information
  • Identity cards
  • Financial data
  • Data about race or creed

As a company, you are obliged to report the data breach to all those involved. This allows them to take timely measures that can prevent major damage. For example, you must offer the data subjects the opportunity to change their password.

You do not have to inform the data subjects when the personal data is protected with encryption. This means that third parties have obtained the data but cannot read it because it is encrypted. You should, however, be sure of this. If the Dutch Data Protection Authority believes that you should have informed the data subjects, you can still be fined. A fine is certain if you intentionally conceal a data breach. The fine can be up to €820,000 or 10% of the annual turnover.

The Dutch Data Protection Authority can impose a binding instruction if it appears that no intent is involved, or no serious culpable negligence can be demonstrated. You must comply with this instruction.

Can you process personal data?

How can you be sure that you are allowed to process personal data? The Dutch Data Protection Authority has drawn up a step-by-step plan for this, which you as an SME can adhere to. The following four points are important for SMEs:

  • As an SME, you may process personal data to perform an agreement.
  • You may have to process personal data because this is required by law.
  • As an SME, you may also process personal data if someone has given permission for this.
  • You may process personal data if this is based on legitimate interest.

What can criminals do with the obtained personal data?

Criminals can use personal data to copy an online identity. That way they can commit identity theft. They pretend to be someone else to commit crimes without hindrance. They can use the data, for example, to gain access to your bank account.

More examples of identity fraud

  • Order products under someone else’s name
  • Create a credible social media account to scam someone
  • Conclude agreements under someone else’s name


As a company, you naturally do not want to be partly responsible for this misery. It is therefore extremely important to protect the online privacy of your customers.

Criminals do not only misuse the personal data they obtain to make life miserable for your customers. They can also use it to extort your business. They do this by means of ransomware. This is malicious software that takes over and locks the computers within a company. Ransomware can also be the cause of a data breach.

Criminals often gain access to the company network through phishing. An example of phishing is sending emails to company employees with a dangerous attachment. When this attachment is downloaded, the criminal gains access to the employee’s computer. Such an attachment is, for example, named ‘invoice’.

The criminal then steals the personal data from the computer and installs a virus. This virus locks the data on the computer. Via a pop-up on the screen, the criminals let you know that the data will be accessible again after payment in, for example, Bitcoin. If you do not pay on time, the criminals threaten to disclose your personal data. This will jeopardize the trust relationship with your customers.

How do I prevent a data breach?

Protect your online privacy and that of your customers by using good cybersecurity software. Guardey is one such software package. Thanks to Guardey, employees can exchange data securely, without criminals being able to do anything with it.

Notify the customer
First of all, your customers must be aware that you store their data. Make this very clear, and also explain why you are doing this.

Use good security
In addition, ensure that all sensitive data is protected with a strong password and possibly multi-factor authentication. Also, prevent third parties from accessing these passwords.

Keep your team informed
It is also wise to have regular conversations with your team. This way you can remind them how to process personal data, what is going well in this area, and what can be improved.

Business VPN
Employees who work remotely can connect to the company network via a corporate VPN. The necessary data is wrapped in a secure layer. As a result, cyber criminals cannot do anything with the data, because they cannot access it. Only the employee who has access to the VPN can access and use the files. Employees can establish the VPN connection in an instant via Guardey.

Train employees through a game
In Guardey, employees can use a game. This game makes them aware of their online behavior. For example, employees learn how to recognize unreliable e-mails, but also what they can and cannot share with third parties.

Cyber alerts
Guardey continuously scans the company network to see if there are any suspicious activities. This way a ransomware attack can be prevented.

Try Guardey’s cybersecurity software now for 14 days for free!

Frequently Asked Questions

What is Guardey in short?

You just want to know what Guardey is, in a few lines, not scrolling through the whole website. We got you covered. Here you are:

Guardey focuses on three parts of your cyber security:

A safe and encrypted VPN connection via Guardey’s secure infrastructure or a Site-to-Site VPN.

We analyze information packages from the data going through the VPN tunnel, give clear insights into your data infrastructure, and provide alerts in case of threats like ransomware, viruses, and irregularities in your network.

Your cyber security is as strong as your weakest link. With Guardey, you can educate your whole team and increase awareness in a fun and efficient way through gamification.

It’s an advanced software as a service with applications for Windows and Mac OSX and an online platform for reporting and managing your teams and company policies.

How does the free trial work?

Your free 14-day trial with Guardey is based on our Basic plan. In our basic plan, all the alarms will only be available for yourself or your own company, and you manage the alarms in-house. We don’t need any payment information to start your trial, and you can invite as many users as you want.

The majority of SMEs don’t have an in-house IT department or a team of cyber security specialists. Therefore, we also offer Guardey co-managed and Guardey custom. In both plans, you are able to connect Guardey to a preferred Guardey IT partner or, of course, your own IT partner.

They can partly or fully manage the alarms and the health of your infrastructure so that you can focus on your business.

After your 14 days of the free trial, you can decide if you want to continue with a paid plan. Upgrading during your trial period means you stop your trial and upgrade to a paid plan. You need a verified payment method to upgrade.

How can I pay after the trial period?

We don’t ask for any payment information to start your trial.

If you want to upgrade during or after your free trial to a paid plan, you can use one of the below payment methods:

  1. Credit cards (Visa, MasterCard, American Express, Maestro, PostePay, Cartes Bancaires)
  2. PayPal
  3. Direct Debit (iDeal SEPA)

Can I up- or downgrade to a different plan?

Yes you can! You can always upgrade immediately and costs are calculated pro-rata on your next invoice. A downgrade will be effective from your next payment period.

Anouk ter Harmsel