Automation and digitisation are making life and doing business a lot easier. Technological developments are taking place in rapid succession. In addition to being convenient, these developments involve risks as well, for example in terms of security and privacy. It regularly happens that personal data of customers or employees are wrongly made public or end up in the wrong hands.
The protection of sensitive data is an important issue for the Dutch government and the European Union. For that reason, the Personal Data Protection Act (PDPA) will be replaced by a more comprehensive European variant that is tailored to the digital era.
This legislation is known as the General Data Protection Regulation (GDPR) and is already in force. As of 25 May 2018 it will also be actively enforced by the Dutch Data Protection Authority (Dutch DPA). This means that all organizations collecting, editing or processing personal data must be GDPR-compliant as of that date. For that reason, organizations and their employees must make thorough preparations.
The new privacy legislation was created to better protect the personal data of individuals within the EU and to harmonise agreements in this respect. This way, European citizens can be sure that their data is handled and protected in the same way in all EU member states. This will affect the way in which personal data must be documented for virtually all bodies and companies. The GDPR has also expanded and specified the definition of what exactly counts as personal data.
Partly due to this broadening of the term ‘personal data’, virtually every organization has privacy-sensitive information at its disposal that falls under the GDPR. This includes customer data (including business e-mail addresses), copies of ID cards, credit card and/or bank details, employees’ details, etc. In order to ensure that this information is stored, used and managed properly, the GDPR has dozens of guidelines and regulations.