In May 2018 the new European privacy regulation comes into force: the General Data Protection Regulation.
From that moment onwards all organisations processing personal data are obliged to satisfy the new privacy regulation.
The European Privacy Directive of 1995 gave Member States room to develop their own privacy legislation. This resulted in differences between the legislation of the different countries. The General Data Protection Regulation was devised to standardise the legislation across the board. The GDPR therefore replaces the Dutch Personal Data Protection Act (WBP).
The new privacy regulation applies to all organisations processing personal data in business transactions. The GDPR also applies to companies that exchange personal data between them where this involves automated personal data processing. This includes outsourcing of salary administration or external hosting of websites or applications.
The GDPR introduces a number of new obligations. Some of these changes are noteworthy.