Personal touch in finance

10 januari 2017

New European Privacy legislation: the General Data Protection Regulation

10 januari 2017

In May 2018 the new European privacy regulation comes into force: the General Data Protection Regulation.

From that moment onwards all organisations processing personal data are obliged to satisfy the new privacy regulation.

Why the General Data Protection Regulation?

The European Privacy Directive of 1995 gave Member States room to develop their own privacy legislation. This resulted in differences between the legislation of the different countries. The General Data Protection Regulation was devised to standardise the legislation across the board. The GDPR therefore replaces the Dutch Personal Data Protection Act (WBP).

To whom does the General Data Protection Regulation apply?

The new privacy regulation applies to all organisations processing personal data in business transactions. The GDPR also applies to companies that exchange personal data between them where this involves automated personal data processing. This includes outsourcing of salary administration or external hosting of websites or applications.

What changes with the new privacy legislation?

The GDPR introduces a number of new obligations. Some of these changes are noteworthy.

  • The compulsory execution of a Privacy Impact Assessment when personal data is processed which entails large privacy risks;
  • The obligation for organisations to set out a privacy policy;
  • Privacy by Design where companies already embrace privacy protection in the design phase of a product or service, or Privacy by Default, where the standard is set at maximum privacy protection;
  • Documentation requirement for personal data processing, a change of the notification requirement under the current WBP;
  • The preservation of the notification duty in case of data leaks, but with a lowering of the threshold.

How can you prepare for the GDPR?

The new privacy legislation requires proper preparation so that you can implement the GDPR on time. The drafting of an internal privacy policy, the carrying out of Privacy Impact Assessments and the improvement of IT-security is a good start. Make sure that you are able to meet the new privacy regime properly prepared. By doing this you will avoid annoying fines.

Nieuwsarchief 2017

Together as One.
Borrie is a Member of the Alliott Global Alliance of independent professional firms.