General Data Protection Regulation- The Dutch Personal Data Protection Act (WpB) was replaced in May 2018 for the European privacy regulation, the ‘General Data Protection Regulation’ (GDPR / AVG). This regulation ensures the same rules around privacy across Europe. The new law has a lot of impact for business as there are many changes. Are you already aware of what the consequences are for your organisation? Protify supports with conducting a DPIA (Data Protection Impact Assessment).
The General Data Protection Regulation ensures:
- clarity, transparency and strengthening of privacy rights;
- Formalisation of powers for all regulators in Europe;
- More responsibility with organisations.
This law applies if the data subject (the person) and/or the data controller or processor (the organisation) are resident/established in Europe. So it also applies to storage and processing of personal data of EU citizens if it is done outside the EU.
There is a single European law since May 2018 and organisations only need to engage with one Data Protection Authority (DPA). National DPAs, such as the Personal Data Authority (AP) in the Netherlands, will then be coordinated by one European Data Protection Board (EDPB).
Data protection impact assessment (DPIA)
As an organisation, it is important to comply with the regulation. This can be done by identifying the privacy risks in a structured and clear manner by carrying out (or having carried out) a DPIA. A DPIA encourages companies to think about questions such as:
- What is the impact of the proposed project on the privacy of the data subjects (the people whose personal data you process)?
- What are the risks to those involved and to the organisation?
- Is there an approach possible that has less impact on privacy.
Want to know more about GDPR / AVG or the DPIA?
The GDPR / AVG has a lot of impact for business. Contact one of our consultants for more information and/or a personal discussion. We will be happy to help you.
