FFCheckPrivacyCheck
NLEN
🚨 What now? privacy problemsHIGH URGENCY

My medical data has leaked — what now?

Special category data (GDPR Art. 9) — extra strict rules. Engage healthcare provider, inform IGJ, AP complaint, damages claim. High fine pressure.

Last reviewed: 25 May 2026Reviewed by FFCheck-redactie
Medical data falls under special category data (GDPR Art. 9) and receives the highest protection. On a breach fines are higher (Art. 83(5)) and the notification duty is stricter. On high risk the healthcare provider must inform you directly (Art. 34) — not just notify the AP. Two parallel routes: (1) Complaint at the healthcare provider itself + IGJ for the quality/care aspect. (2) AP complaint for GDPR enforcement + civil claim Art. 82 for damages. Damage amounts in Dutch case law: medical data leaks typically receive €1,000-€5,000 in non-material damages — higher than regular data because the impact (privacy + reputation + possible discrimination) is greater. Important: keep all correspondence. IGJ + AP often share information — one complaint feeds investigations at both.

Step by step

  1. Engage healthcare provider in writing

    Email to DPO + management. Ask: what data leaked, cause, measures taken, written confirmation of Art. 34 notification to you. Deadline: 14 days.

  2. IGJ notification in parallel

    Via igj.nl reporting form or 088-120 50 00. Include case number + healthcare provider correspondence. IGJ can launch oversight investigation.

  3. AP complaint (GDPR aspect)

    Our AP complaint generator (€9.99) builds the letter. On high risk where they didn't notify you: serious violation.

  4. Art. 82 damages claim

    Civil court. Document: stress, sleep issues, impact on work/relationship, therapy costs. On income <€33k: subsidised legal aid via Legal Aid Council.

Ready to act?

We'll draft the right letter for you

Personalised PDF · Send-ready · One-off €9,99
  • ⚡ PDF in your inbox in 60 seconds
  • 📄 BTW-compliant invoice included
  • ↩️ 30-day fix-it guarantee

Sources

🔎 Common search variants

Recognise your own search? Our answer above covers these too.

  • medical data breach netherlands
  • health record leak
  • medical privacy breach gdpr

Related on PrivacyCheck