Is your organization GDPR Proof? As of May 25, 2018, the new data protection law called the General Data Protection Regulation or GDPR is in force. This law applies to all organizations in Europe because almost all organizations handle personal data of employees and/or clients. The aim of the GDPR is not only to guarantee protection of personal data within the European Union, but also to secure the free exchange of data within Europe.
The General Data Protection Regulation (GDPR) as the replacement of the Personal Data Protection Act (‘Wet bescherming persoonsgegevens’ (Wbp))
The GDPR has replaced the Wbp in the Netherlands. This directive was already replaced back in May 2016, but organizations were given until May 2018 to adjust their business operations to meet the criteria of the new directive. In short, the ‘processor of personal data’ must comply with the following:
- Transparency. The person whose data is processed has given permission for the processing of the personal data.
- Purpose limitation. The data is solely used for the purpose for which it is acquired.
- Data limitation. Only the data required for the purpose may be acquired.
- Correctness. The data must be and remain accurate.
- Storage period restriction. The data may not be stored longer than necessary.
- Integrity and confidentiality. Personal data must be secured and also protected against unauthorized access, loss or destruction.
- Accountability. The accountable party can demonstrate it adheres to these rules.
GDPR Training: Prevent fines, be GDPR proof!
If your organization is not yet fully aware of the contents of the General Data Protection Regulation, then it is advisable to follow a training. Our legal counsels will give these trainings at our office or in-house at your convenience. After following the training, you will understand the directive. You will also understand the ins and outs of how to apply it in your organization.
We will discuss, among other things, the following during the GDPR Training:
- What are personal details
- Who and what is the controller
- Who is the processor
- The processor agreement and processor register
- Prohibition on processing of special data
- The Personal Data Authority (AP – Autoriteit Persoonsgegevens)
- Which measures you must take
- Reporting obligation for data leaks
Interested in our GDPR training?
Investigation by the Dutch Data Protection Authority
The Dutch Data Protection Authority (AP – Autoriteit Persoonsgegevens) oversees whether companies comply with the privacy regulation. Where necessary, the Dutch Data Protection Authority advises, corrects and penalizes organizations that cross the line. It is thus the ‘privacy watchdog’ in the Netherlands that guarantees the privacy of its citizens.
GDPR as part of the Legal Business Scan
The Legal Business Scan is a suitable tool for taking a closer look at your organization from a legal perspective. By utilizing the scan, you will know whether your contracts / agreements are in order and whether you comply with the strict terms of the GDPR.
Make your organization GDPR Proof!
Are you not interested in a full Legal Business Scan, but you would like to receive advice regarding the GDPR? Or do you, for example, only have one urgent question? Feel free to contact our Legal team.