AMSTERDAM - Citizens must assume that their personal data has already leaked or that this will happen at some point. The Dutch Data Protection Authority came to this conclusion five years after the introduction of the General Data Protection Regulation (GDPR). The watchdog said that Netherlands residents must “work” on their protection to prevent their data from leaking.
For example, the watchdog advised to use a different password everywhere and to use secure login methods if organizations offer them. The authority also called citizens to use their privacy rights, like requesting organizations to delete their data. “The less data organizations have, the less risk you run,” the service said in its annual report on data breaches in 2022.
Last year, the authority received 21,151 reports of data breaches, compared to 24,866 the year before. The number of reported data breaches due to cyber attacks also fell slightly, from 2,210 in 2021 to 1,826. In 2021, the watchdog “had no words” for the then explosive increase in cyber attacks. That was mainly due to the coronavirus pandemic when citizens and businesses had to arrange all sorts of things digitally in a hurry.
The slight decrease can also be explained by the way in which organizations report leaks. If one organization makes many reports, that can distort the number. “Or that organizations adapt their processes so that fewer mistakes are made that lead to a data breach,” the authority explained. The watchdog stressed that the decline is not structural.
Most reports of both data leaks and cyber attacks came from the healthcare sector. “This is due to the enormous clustering of personal data,” said Dennis Davrados, Inspector and Coordinator of Team Data Leaks. According to the regulator, this always concerns medical data. The three largest cyber attacks at IT suppliers in healthcare institutions alone have affected around 900,000 victims.
The number of leaks in financial services, like mortgage lenders, fell by almost a third from a year earlier. In public administration, such as municipalities, data breaches dropped 16 percent compared to 2021.
The watchdog has processed over 114,000 data breach reports in the past five years. That is between 20,000 and 25,000 per year. According to the organization, that number will remain stable in the coming years. Over 6,500 of all reports concerned cyber-attacks. The number of cyber attacks is increasing proportionally, according to the watchdog.