The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.
It will not have escaped the notice of many that the General Data Protection Regulation (GDPR) will come into effect from 25 May 2018. This regulation replaces the current Personal Data Protection Act that we have in the Netherlands. From 25 May, the same privacy rules apply throughout the EU. There is a wealth of information online about the content of the law.
Businesses are required to implement the GDPR in their daily operations. This is not an easy task. Dialogic helps you get started by outlining the key points.
1. Be aware of the rights of data subjects
Data subjects whose personal data you process have more privacy rights under the GDPR. Among other things, data subjects have the right to be 'forgotten' and the right to data portability. If you receive such a request, you are obliged to comply. Keep in mind that data subjects can lodge a complaint with the Dutch Data Protection Authority. The authority is then required to handle this complaint. This could result in your business receiving a fine.
2. Privacy by design and privacy by default
Consider in advance how to process only the personal data that is necessary, and how to protect and manage it. For example, ensure that a web form does not automatically have a pre-checked box for signing up for a newsletter. Also, do not request more information than necessary in forms; for instance, do not ask for location in an app if it is not required.
3. Maintain an overview
Clarify what happens within your company concerning personal data and for what purpose the data is processed. When processing personal data, it is usually necessary to keep a record of processing activities.
4. Consider performing a data protection impact assessment
Your intended data processing may pose a high privacy risk. In that case, you can carry out a data protection impact assessment (DPIA).
5. Establish a procedure for reporting data breaches
Stricter requirements apply under the GDPR regarding reporting data breaches. Every data breach must be documented, and data subjects must be informed as soon as possible. The guidelines (pdf) on data breaches are not yet final.
6. Create a data processing agreement
Does your company collaborate with another party that processes data on your behalf? If so, establish a data processing agreement. This agreement defines how responsibilities are divided concerning the processing of personal data.
Want to know more? Read the article from the Dutch Data Protection Authority (pdf).
Disclaimer
This information provides a concise overview of what the GDPR entails and should not be considered as (legal) advice. We recommend seeking legal assistance to ensure your business handles personal data correctly.