GDPR
The General Data Protection Regulation (GDPR) replaces the national data protection laws in all EU countries.
In the Netherlands, it replaced the Wet Bescherming Persoonsgegevens (WBP).
GDPR specifies how personal data is to be used and protected and applies not only to EU organizations, but also to non-EU companies, for example when they process personal data in the context of selling goods and services to citizens in the EU.
Within these companies, GDPR has impact on all processes from marketing and sales to customer service, finance and administration.
Non-compliance can result in penalties of up to 20 million Euros or 4% of global revenue.
These measures are intended to hold companies accountable within the growing data economy and strengthen an individual’s control over their personal information and privacy.
As a result, companies have to:
1. allow data subjects to access their personal information
2. designate a data protection officer (DPO) dedicated to the protection of personal data in case of activities with a high privacy risk
3. report data breaches within 72 hours to the supervisory authority as well as the data subject
GDPR compliance is not a one-time activity, but a continuous process. Organisations need to embed privacy and data protection into their culture.
This requires fundamental changes to a company’s infrastructure to ensure data is not stored longer than necessary and is destroyed or anonymised in a timely fashion.
KVdL’s Privacy team is highly specialized in this field and supports companies on their way to compliance.