As of 25 May 2018 the Dutch Data Protection Act has been replaced by the European General Data Protection Regulation (GDRP). The new legislation sets additional and more demanding requirements in dealing with personal data.

A number of things are regulated differently in the new European regulation than in the current privacy laws, the main ones being:

  • Citizens acquire more rights;
  • Supervision of privacy has been improved;
  • Much more has to be arranged regarding the use and holding of personal data.

What is regarded as personal data?

Reports appear in the news quite regularly about the leaking of personal data or a personal data breach. Passwords, email addresses, user names are then in the public domain with all the distressing consequences. If we are talking about personal data this is general information about a person such as name, date of birth and gender. The law also speaks of special categories of personal data including but not confined to passport photos, Dutch Citizen Service number (BSN), religion and health.

The new privacy legislation as of 25 May 2018 - the first steps for KABK/University of the Arts

The Executive Board of the University of the Arts The Hague, as the ultimate body responsible for arrangements for the security of information and privacy, has drawn up a step-by-step plan comprising three main elements:

  1. Organisation of Information Security and Privacy policy (ISP);
  2. Arrangements for the implementation of Information Security and Privacy policy measures;
  3. Launch of the communication process with students, teachers, members of staff, parents and external parties about how we deal with personal data securely and responsibly.

The information security policy plan was drawn up and worked out in detail in 2017. The plan deals with our technical digital security measures, our relationship with the Data Protection Authority (the body that supervises compliance with the privacy laws) and how we deal with data breaches and suppliers that hold personal data from the University of the Arts The Hague.

A privacy policy plan was drawn up in 2018 determining the shape of the privacy policy at the University of the Arts The Hague. An external data protection officer has been engaged in order to comply with the requirement of external supervision.

There are a number of aspects of ISP policy that the University needs to arrange by law. The date of 25 May 2018 introduces a number of importance issues such as organising the rights of those involved ( including the right to be forgotten, the right to data portability, the right to subject access), stricter reporting obligations in the case of data leaks and the provision of guidance about dealing with personal data in an aware way.

What is a data breach?
A data breach involves unintentional access to, erasure of, amendment to or release of personal data by the University. A data breach includes the release (leaking) of data but also the illegal processing of data. Examples of data breaches are: a lost USB-stick with personal data, a stolen laptop or breach by a hacker into a computer file system.

What can you do?
A data breach must be reported immediately to the Data Protection Officer via

Dealing properly with personal data is not just the job of the University as an organisation but it is a responsibility of us all as individuals. Whether you are a members of staff, teacher or student these days we all have to be aware of the digital dangers.

What can you do?
A few tips:

  • Update all your software regularly; this makes you less vulnerable to viruses. Don’t just click off notifications, but take time (e.g. at lunch etc.) to implement them;
  • Don’t use separate hard disks or USB sticks to store information if you can help it; this helps prevent loss of confidential information;
  • Lock you screen if you’re absent for any length of time to prevent unauthorised access to information;
  • NEVER disclose your password, don’t click on unknown hyperlinks in emails and don’t open any unfamiliar files: this helps prevent infection from viruses;
  • Protect your laptop from theft or loss; if your laptop is lost or stolen report this immediately;
  • Surf securely: make sure you’re using a secure network. Check to see that the website you’re visiting displays a green lock. Look at the top in the url bar.

More information


We will update this page regularly in order to inform you about all kinds of privacy aspects, and to help you protect personal data.

Questions about GDPR at the KABK/University of the Arts can be directed to the IT department via and to Arthur Gieles – secretary Executive Board via

Data Protection Officer

If you have any questions about this privacy policy or if you want to report (suspected) data breaches and/or other (possible) incidents with personal data, you can contact the Data Protection Officer of the University of the Arts The Hague. Mail your findings to All notifications are treated confidentially and you always receive a response.

General information

More details about Information Security and Privacy policy can be found on the website