Become a Partner
Back to Resource Center

Data breaches at companies

Nowadays, people share all sorts of things on the internet, especially on social media. Think of messages on Facebook, Instagram, Twitter, and WhatsApp. When sharing these messages, people often do not consider their privacy.

In addition to sharing information about leisure activities, personal data is also shared with companies. This is almost always done via a contact form on a website, via a chat box, or on WhatsApp. As a company, it is crucial to protect this data. When a consumer shares something with a company, the company is responsible if this data becomes public.

In this article, you can read about the consequences of a data breach and what we can do for you as a company. We, therefore, recommend that you read the entire article because a data breach can put your company in serious trouble.

When does a data breach occur?

Your company is dealing with a data breach if third parties obtain personal data that is stored by your company, while they are not allowed to see it. It doesn’t matter how this data is leaked. As a company, you can’t hide behind anything. Even if you accidentally sent personal data to the wrong e-mail address, there is a data breach.

It is important to remember that a data breach may only be discussed when personal data is leaked, such as names, phone numbers, email addresses, and passwords.

What do you as a company have to deal with in the event of a data breach?

A Dutch company must report a data breach to the Dutch Data Protection Authority as soon as possible. By law, this must be done within 72 hours. You can do this via

The Dutch Data Protection Authority divides reports about data breaches into different levels. In the event of a serious data breach, the Dutch Data Protection Authority refers to the leakage of a large amount of personal data, which can have a major impact on someone’s life.

A data breach is labeled ‘severe’ when the following data is leaked:

  • Login details
  • Medical information
  • Identity cards
  • Financial data
  • Data about race or creed

As a company, you are obliged to report the data breach to all those involved. This allows them to take timely measures that can prevent major damage. For example, you must offer the data subjects to change their password.

You do not have to inform the data subjects when the personal data is protected with encryption. This means that third parties have access to the data, but cannot view it thanks to security. You should, however, be sure of this. If the Dutch Data Protection Authority believes that you should have informed the data subjects, you can still be fined. You are guaranteed this if you intentionally conceal a data breach. The fine can be up to €820,000 or 10% of the annual turnover.

The Dutch Data Protection Authority can impose a binding instruction if it appears that no intent is involved, or no serious culpable negligence can be demonstrated. You must comply with this instruction.

Your Plug & Play Cybersecurity solution

Can you process personal data?

How can you be sure that you are allowed to process personal data? The Dutch Data Protection Authority has drawn up a step-by-step plan for this, which you as an SME can adhere to. The following four points are important for SMEs:

  • As an SME, you may process personal data to perform an agreement.
  • You may have to process personal data because this is required by law.
  • As an SME you may also process personal data if someone has permitted this.
  • You may process personal data if this is based on legitimate interest. Do you want to know if this is the case? Then click on this link!

What can criminals do with the obtained personal data?

Criminals can use personal data to copy an online identity. That way they can commit identity theft. They pretend to be someone else to commit crimes without hindrance. They can use the data, for example, to gain access to your bank account.

More examples of identity fraud

  • Order products under someone else’s name
  • Create a credible social media account to scam someone
  • Conclude agreements under someone else’s name


As a company, you naturally do not want to be partly responsible for this misery. It is therefore extremely important to protect the online privacy of your customers.

Criminals do not only misuse the personal data obtained to make life miserable for their customers. They can also use it to extort your business. They do this by using personal data as ransomware. This is malicious software that takes over and locks the computers within a company. Ransomware can also be the cause of a data breach.

Criminals often gain access to the company network through phishing. An example of phishing is sending emails to company employees with a dangerous attachment. When this attachment is downloaded, the criminal gains access to the employee’s computer. This appendix is, for example, called ‘invoice’.

The criminal then steals the personal data from the computer and installs a virus. This virus locks the data on the computer. Via a pop-up on the screen, the criminals let you know that the data is accessible again after payment of, for example, Bitcoin. If you do not pay on time, the criminals threaten to disclose your personal data. This will jeopardize the trust relationship with your customers.

How do I prevent a data breach?

Protect your online privacy and that of your customers by using good cybersecurity software. Guardey is one such software package. Thanks to Guardey, employees can exchange data securely, without criminals being able to do anything with it.

Notify the customer
First of all, your customers must be aware that you store their data. Make this very clear, and also explain why you are doing this.

Use good security
In addition, ensure that all sensitive data is protected with a strong password and possibly multi-factor authentication. Also, prevent third parties from accessing these passwords.

Keep your team informed
It is also wise to have regular conversations with your team. This way you can remind them how to process personal data, what is going well in this area, and what can be improved.

Business VPN
Employees who work remotely can connect to the company network via a corporate VPN. The necessary data is packed with a secure layer. For example, possible cyber criminals cannot do anything with the data, because they cannot access the data. Only the employee who has access to the VPN can access and use the files. Employees can establish the VPN connection in an instant via Guardey.

Train employees through a game
In Guardey, employees can use a game. This game makes them aware of their online behavior. For example, employees learn how to recognize unreliable e-mails, but also what they can and cannot share with third parties.

Cyber alerts
Guardey continuously scans the company network to see if there are any suspicious activities. This way a ransomware attack can be prevented.

Try Guardeys cybersecurity software now for 14 days for free!

We are always there for you, promise!

Register now for free and never stress about cyber crime again.

Start 14-day free trial

Frequently Asked Questions

I already have a firewall, do I still need Guardey?

Relying solely on a firewall for cyber security leaves your organization vulnerable to evolving and sophisticated threats. Cyber attacks target multiple vectors, including vulnerabilities in software, employee endpoints and web applications. Guardey works in conjunction with the firewall.

Firewalls keep out up to 80% of online risks. With Guardey, it is transparent which online risks did make it through the firewall. In addition, human errors are still too often made, so also train employees to work responsibly online.

I already have a VPN, do I still need Guardey?

It’s good that you are already using a VPN. This makes you invisible to malicious people, but at the end of the day, employees can still be vulnerable by bringing in the wrong orders or wrong websites.

Guardey is more than a business VPN. Guardey also provides monitoring in the VPN tunnel. This detects online risks and allows a quick response.

We are too busy for weekly gamification. Why should I play the gamification?

These days we are all busy, we recognise that 😉 All the more important is employee awareness. Make sure employees don’t accidentally make mistakes due to pressure. After all, that only creates extra work.

That’s why our challenges are only a maximum of 5 minutes and can be done quickly in between. A new challenge becomes available every week. As an organisation, do you want to play these challenges every week, every two weeks or every month? Of course, that’s no problem either.

Can I also play just the gamification?

Short answer: yes! It is possible to play just the gamification.

Have you already taken sufficient cyber security measures for your employees in the office and outside the office? But can awareness still be worked on? Then you can also play just the gamification. This can already be done very easily in just the browser. Check out our game only package here.

Is Guardey effective against phishing attempts?

Phishing is especially dangerous when you don’t know you’re dealing with phishing. That’s why our cyber awarness game is the first step against phishing. Make people aware of the dangers and make sure they have the right knowledge so they don’t click on anything.

Further Guardey plays a crucial role in detecting suspicious online activities. For instance, if a member of your organization interacts with a website known for hosting phishing content, Guardey will promptly alert you about the potential risk. By providing this proactive alert system, Guardey aids in preventing users within your organization from falling prey to phishing scams.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk ter Harmsel

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial