In May 2018 the new European privacy regulation comes into force: the General Data Protection Regulation.
From that moment onwards all organisations processing personal data are obliged to satisfy the new privacy regulation.
The European Privacy Directive of 1995 gave Member States room to develop their own privacy legislation. This resulted in differences between the legislation of the different countries. The General Data Protection Regulation was devised to standardise the legislation across the board. The GDPR therefore replaces the Dutch Personal Data Protection Act (WBP).
The new privacy regulation applies to all organisations processing personal data in business transactions. The GDPR also applies to companies that exchange personal data between them where this involves automated personal data processing. This includes outsourcing of salary administration or external hosting of websites or applications.
The new privacy legislation requires proper preparation so that you can implement the GDPR on time. The drafting of an internal privacy policy, the carrying out of Privacy Impact Assessments and the improvement of IT-security is a good start. Make sure that you are able to meet the new privacy regime properly prepared. By doing this you will avoid annoying fines.