Data Breaches

To gain insight into the status of data breaches, they must be registered.
It is impossible to know in advance whether a data breach will ultimately turn out to be one or just a suspicion.
All the research and the information collected needs a central location, and MexonInControl provides that.

Try it yourself? Request more information Datasheet MexonInControl for Privacy
Data Breach MexonInControl English

Registering and processing data breaches (or suspected data breaches)

During the registering and processing of a (suspected) data breach it is important to record all relevant information.

Data breaches can be created in MexonInControl in various ways:
  • A questionnaire, which starts by use of a Button or Link, on the external website of the organization
  • A questionnaire, which starts by use of a Button or Link, on the internal website or for instance MS Teams or Sharepoint
  • A questionnaire (assessment) that is assigned to someone in MexonInControl
  • By creating and detailing the data breach in the data breach register of MexonInControl
You record all information that can later be used for analysis, improvement of measures, providing information and, of course, a possible notification to the Data Protection Authority.

Even if it turns out, fortunately, not to be a data breach, it is important to record it. This creates insight into the number of reports, the number of actual data breaches and all the cross-links that can be made. Gaining insight into which administration or application has the most data leaks.

Characteristics of a data breach in MexonInControl

MexonInControl's objective is to be able to monitor progress and make connections with other recorded information. This creates valuable insights for later purposes.

The following information is available:
  • The complete detailed (possibly external) notification of the data breach
  • The parties internally involved in the processing
  • The externally involved parties in the processing
  • The applications, processes or systems - potentially - affected
  • The -potentially- affected measures that have been taken to counteract vulnerabilities
  • Progress of processing
  • Details of any reported breach at the Data Protection Authority


Reporting to the (Dutch or other) Data Protection Authority (DPA)

If a reported breach actually is a data breach and it meets the criteria for reporting to the DPA, then the next phase begins.
But before you go (too) quickly in reporting to the DPA, it is wise to consult the following sources,

You can click on the lines below to open a new page:

"You sometimes hear and read that people report to the DPA preventively, so as not to miss the deadlines.
Be careful with that, the DPA is understaffed and therefore does not get round to, possibly, the more relevant matters."

Don't forget

MexonInControl helps you not to forget:
  • Meet the deadlines
  • Inform the right people
  • Evaluate the measures taken
  • Putting the right people in charge

On the website you can find information about data breaches in the Netherlands. website