My data leaked at a business — what now?
Protect yourself first (passwords + bank), then hold the company to its notification duty, possibly damages claim under GDPR Art. 82.
Step by step
Secure your own accounts
Immediately: change the password of the leaked account + everywhere you reuse it. Enable 2FA. Check haveibeenpwned.com for other leaks containing your data.
Alert bank on financial risk
If banking details, credit card numbers or payment methods leaked: call your bank immediately (24/7 line) and block cards. Request new cards and monitor transactions.
Demand explanation from the business
The business must inform you on high risk (GDPR Art. 34). Ask in writing: what data leaked, when discovered, was AP notified, what mitigations taken.
File access request
Send a GDPR Art. 15 access request to see WHICH data they hold. Sometimes turns out they know far more than you thought. Our generator: /privacycheck/genereer/inzage-verzoek/
Complaint to AP
If the business didn't (or belatedly) inform you, or didn't notify AP: file complaint via autoriteitpersoonsgegevens.nl. The AP prioritises data breach enforcement.
Consider damages claim
GDPR Art. 82: damages for material AND non-material harm (stress, identity theft risk). Small claims: civil services counter or sub-district court. Larger claims or big businesses: collective action via Consumentenbond or Privacy First.
We'll draft the right letter for you
- ⚡ PDF in your inbox in 60 seconds
- 📄 BTW-compliant invoice included
- ↩️ 30-day fix-it guarantee
Sources
🔎 Common search variants
Recognise your own search? Our answer above covers these too.
- “data breach what to do”
- “my data leaked”
- “company leaked my data”
- “gdpr breach damages”