blauwe achtergrond met golven en rood poppetje ervoor
blauwe achtergrond met golven en rood poppetje ervoor

New data breach notification form

News item

Wednesday 28 January is Privacy Day. A good moment to take a look at the new data breach form. This form makes it easy to report a (potential) data breach.

According to the GDPR, everyone is obliged to report a (potential) data breach, regardless of its size. The university's privacy experts will determine the severity of the report and any necessary actions. But what exactly is a data breach and how can you report it?

What is a data breach?

A data breach is a situation in which personal data is shared, accessed, destroyed, altered or lost without intention (accidentally or deliberately). Examples include:

  • An annual review report sent to the wrong person (e.g. a student instead of a colleague).
  • An email with the email addresses of all recipients in CC instead of BCC.
  • Losing an unencrypted dictaphone with audio recordings.
  • A ransomware attack that prevents you from accessing your files.
  • Student essays left lying around near the printer.
  • A system in which you can see more data than you need to do your job (overly generous access rights).
  • Loss or theft of equipment containing personal data (e.g. your laptop, phone or hard drive).
  • Loss or theft of non-digital resources (e.g. a campus card or paper documents containing personal data).

How do you report a data breach?

You can easily report a data breach using the new form in Topdesk. If you are not on campus, turn on VPN. Many fields in the form are already filled in and you can briefly explain the situation.

Go to the data breach form

 You can also report a data breach by telephone to the ICT Helpdesk by calling them on: 024 - 36 22 222.

When should you report a breach?

  • When you suspect a data breach.
  • When company assets or private equipment containing personal data related to Radboud University, such as a laptop or telephone, are lost or stolen.

Handling a report

After you report it, a privacy or security expert will assess the nature of the report. If necessary, they will contact you. In the event of a serious breach, the university will report it to the Data Protection Authority. In other cases, the data breach will be handled internally.

It is important that even a “minor” data breach is reported, so that the privacy organisation can gain an insight into common minor incidents. An example of this is an email containing an annual review meeting that you accidentally sent to the wrong colleague. Perhaps the colleague deleted the email immediately, thereby resolving the data breach. Nevertheless, the privacy organisation would like to receive such reports so that it can gain insight into common incidents.

Contact information

Organizational unit
Information & Library Services

See other news

Laptop met handen

New code of conduct for staff and students regarding ICT and internet use

News item

The new code of conduct on the use of ICT and the internet within the university provides guidelines for the safe, careful and professional use of digital resources such as email, laptops, cloud storage, social media and collaboration platforms.

Ilustratie van golven met blauwe ogen op een donkerblauwe achtergrond

Complete the e-learning course: For your eyes only

News item

Complete the e-learning 'For your eyes only'befor the end of January. You will learn how to work more consciously and digitally securely. After all, digital security is a top priority for the university. Technology protects. You make it secure.