Kast met ordners, foto Viktor Talashuk

Handling personal data with care

How does Tilburg University deal with data leaks?

Tilburg University is obliged to register data leaks and (in a number of cases) report personal data to the Authority. There is a short legal deadline for this; the notification must take place within 72 hours after the discovery.

A data breach is a breach of security as a result of which personal data is lost, unlawfully displayed or processed.

Attention: in case of doubt, always report internally.

Examples of (possible) data leaks

  • A lost flash drive on which personal data was stored.
  • A stolen laptop or phone.
  • Leaving exams on the train.
  • A hard drive that is thrown away without properly erasing the research data on it.
  • A virus on a computer that has access to personal data.
  • An intrusion into a data file by a hacker.
  • An error in a website which causes personal data from person A to person B to be shown.
  • An email with a file containing personal data that is sent to the wrong recipient.

Recording data leaks 

Tilburg University is obliged to register data leaks and (in a number of cases) report personal data to the Authority. There is a short legal deadline for this; the notification must take place within 72 hours after the discovery. In some cases Tilburg University will also have to inform those involved about the data breach. In addition, it is important that we learn from data leaks and, where necessary, can take measures to prevent new data leaks or minimize the damage.

Anyone working under the responsibility of Tilburg University who knows or suspects that there is a (possible) data breach or breach in connection with personal data must report this as soon as possible via datalek@tilburguniversity.edu