Skip to content

How can and should I act after a data breach?

Afterwards, participants in this module can draw up a “data breach scenario” for their own organization using the provided model. They also know how they must document which evidence in order to be able to demonstrate that the controller meets and can meet all requirements on this point of the Avg. Reporting a data breach may mean that the (in) suitability of information security is taken into account en passant in the assessment by the AP or another supervisory authority.

Teachers: Ans Duthler or Anne-Wil Duthler

Start: on request

Duration: part of the day (10:00 to 14:00)

Investment: €500, – excl. VAT


The previous module (B4a) discussed in detail the importance and method of being properly prepared for a data breach. In this module we assume that a data breach occurs. What steps must be followed and what decisions must be made? What role does the DPO play? And what if a sanction has to be imposed?

Module B4 consists of two parts, namely:

  • B4a: Being prepared for a data breach
  • B4b: How can and should I act after a data breach?

The component is based on 16 hours of self-study.

The starting points for the design of this module have been that this module is not about legislation in itself. This has already been discussed extensively in previous modules. Central to module B4 (a and b) is what the world looks like before and after a data breach and which “forces” play a role in this, such as the role of management, security in a broad sense, the formal legal settlement, PR and coordination of external expertise).

Obligations associated with this part

To fulfill the obligations under this section, you must:

  • Make a diagnostic test, in preparation for the subject matter to be followed;
  • Take a diagnostic test after the self-study, which must be completed with a pass. This is a condition for participation in the workshop;
  • To be present during the workshop;
  • A final exam with a passing mark.

Study load

The self-study takes about 16 hours, the workshop takes about 4 hours and the final exam takes about 2 hours.

Investment and sign up

After registration you will have direct access to the course in our learning environment. The total costs for the module are €500 (excluding VAT and per person). Participants of the Center for Information Security and Privacy Protection (CIP) and the The Hague Security Delta receive a 15% discount on the entire training offer. Contact our service desk.

Private individuals and government institutions are exempt from VAT.


Fill in the form below and we will contact you to discuss the possibilities. Our training courses are always tailor-made. We are happy to take your specific wishes into account.

    Do you have questions or need an appointment?

    Feel free to contact us at +31 (0) 70 392 22 09 or Make an appointment with one of our training advisors.