The GDPR, are you ready for it?

The GDPR is a new worldwide standard for privacy rights, the protection of privacy rights and compliance. The GDPR came into force in April 2016 but has only applied in the Netherlands since 25 May 2018. This regulation, which is internationally referred to as the General Data Protection Regulation (GDPR), is referred to in the Netherlands as the Algemene Verordening Gegevensbescherming (AVG). The AVG replaces the current Personal Data Protection Act (Wet Bescherming Persoonsgegevens, WBP).
The AVG has established new or adapted rules for companies, government bodies, non-profit organisations and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data regarding EU citizens. No matter where these organisations are located, the AVG applies.
The GDPR is intended to safeguard and protect the privacy rights of individuals. It consists of strict general privacy requirements for individuals (residents of the EU) that prescribe how personal data must be managed and secured. You must bear individual choices in mind, regardless of where the data is sent, processed and stored.
We have started a process that will lead to achieving the GDPR’s privacy objectives. Privacy is a fundamental right. We believe that the GDPR is an important step forward towards clarity about individual privacy rights and towards observing them. We have also noticed that organisations all over the world must implement significant changes in order to adhere to the GDPR. Chances are that the GDPR process will present you with a lot of challenges. We would like to help you overcome these.
We therefore recommend that you focus on the following four steps at the start of the GDPR compliance process:
  • Identification: determine what personal data you have and where it is stored.
  • Management: check how personal data is used and accessed.
  • Security: establish security controls to prevent, detect and respond to vulnerabilities and data breaches.
  • Reporting: act on data requests, report data breaches and retain the required documentation.