By now, you will have heard the term 'GDPR', or General Data Protection Regulation. This is a 'new' European Union law which came into effect on 25th May. If you commit to following this 6-blog series, you’ll attain a solid knowledge base about the GDPR and how it affects you and your business:
1. Introduction to the GDPR
2. New roles under the GDPR
3. Compliance and penalties
4. Rights of data subjects
5. Privacy contracts
6. Context of personal data
The GDPR concerns data protection in the EU and extends the rights of persons whose data is being processed. This ‘new’ regulation replaces the current EU Data Protection Directive (DPD) in order to ensure that data privacy laws become the same for all EU citizens.
One of the crucial differences is that the GDPR is a regulation, which EU members must implement, whereas the DPD was a directive, which only suggested how EU members should create privacy laws in their own country.
The biggest advantage of this is that the laws are now the same in each EU country, so organizations operating in the EU can apply the same privacy techniques to all countries. However, countries do have the right to extend the law with their own implementation law. This is mostly done for country-specific user information which isn’t protected (enough) by the GDPR. An example is the Dutch BSN number, which is protected in the Dutch implementation law but not in other EU countries. So keep in mind that, although the basic regulation is the same, there may still be additional regulations in place for specific countries.
The good thing for us* is that a large part of the GDPR is based on the Wet Bescherming Persoonsgegevens (WBP). The biggest change, and the reason why the GDPR has caught so much attention, is that it comes with much higher penalties, forcing companies to rethink their strategy and actually start implementing privacy techniques (which, technically, they should have previously had in place). So for the few who fully complied with the WBP, there are no major changes. For the rest of you, there may still be some work to do! Make sure not to miss our latest blogs in order to stay informed about what still needs to be done within your own business.
* us = the Netherlands, where the GDPR translates to Avg, or ‘Algemene Verordening Gegevensbescherming’.
Upcoming topic: We’ll explain the new roles that come with the GDPR.