Processing personal data is now a part of running any business. You process personal data relating to customers, suppliers and employees, and for various purposes. When doing so, all organisations have to abide by certain principles. In the Netherlands, these are drawn up by the Personal Data Authority, in accordance with the General Data Protection Regulation (GDPR, known in Dutch as the AVG). There must be a legitimate reason, or “lawful basis”, for processing data. But what if there is a data breach?
What is a data breach?
A data breach is when personal data, such as names, addresses or financial information, is accidentally or unlawfully exposed, stolen or otherwise used by someone who should not have access to it. This could happen, for example, when a system is hacked, a USB stick is lost or an email is sent incorrectly.
How do you recognise a data breach?
You can spot a data breach if you notice unusual activity, such as strange files on your network, unauthorised login attempts, or complaints from customers who have received unsolicited messages or bills. Software slowing down suddenly or crashing more frequently can also indicate a breach.
What is the impact of a data breach?
The impact of a data breach can be significant. It could lead to financial loss, reputational damage and legal consequences for your company. For the data subjects whose data has been breached, it can lead to identity theft, financial loss and a great deal of stress. It can also cause reputational damage to your customers.
When should you report a data breach?
In the Netherlands, you must report a data breach to the Personal Data Authority within 72 hours of discovering it, especially if the breach is likely to pose a risk to anyone's rights and freedoms. You must also notify anyone affected if the breach might pose a significant risk to the personal rights and freedoms of the people involved.
How do you prevent a data breach?
Prevention is key in reducing the risk of data breaches:
- Secure your systems: Make sure your antivirus software is up to date and that all systems and software are updated regularly.
- Train your staff: Employee awareness is crucial. Train them how to recognise phishing attacks and handle data securely.
- Limit access to data: Not everyone needs access to all data. Limit access to what is necessary for someone's work. Think about the roles and access rights held by your colleagues in Floriday, for example.
- Take regular backups: Back up important data regularly and keep it somewhere safe.
- Adopt strong password policies and authentication: Encourage the use of strong passwords and, where possible, use two-factor authentication.
Following these steps will significantly reduce the risk of a data breach and ensure a more secure digital environment for you and your colleagues in the floriculture industry. For RFH cyber subscribers a discussion session about this is held on the second Tuesday of every month. RFH colleagues will be on hand for you in a free cyber consultation.
Ask for help
What if you believe information has nevertheless been shared on an unauthorised basis with people within your company, whether deliberately or accidentally? You can also contact the Data Protection Officer at Royal FloraHolland. The Data Protection Officer can provide advice on how to deal with this. Contact the Data Protection Officer at meldpuntdatalekken@royalfloraholland.com.
What we are doing towards a secure digital platform
Working with Royal FloraHolland, Floriday is looking to provide users with a secure digital platform, which is why we are investing in an environment that is resistant to attack from cybercriminals. Royal FloraHolland is therefore one of the original founders of the Greenport Cyber Resilience Centre, where we are working with the entire sector on cybersecurity. We also offer growers and buyers a Royal FloraHolland Cyber subscription free of charge, to learn more about the subject and help with tips and advice.
There is a free monthly cyber consultation session especially for members of Royal FloraHolland (second Tuesday of every month). You can sign up here.