On the 25th of May, the whole European Union will adopt a new data protection law, the General Data Protection Regulation (GDPR). That's a bit of a tongue twister, but luckily most people stick to the abbreviation. Although the need for this new law has been recognised by most, for many it seems a bit daunting. The law is incredibly comprehensive, and is often described as the largest overhaul of data protection regulations since the introduction of the internet.
But the GDPR also creates opportunities. As a business, it can be beneficial to have your GDPR compliance up to date, showing your visitors, customers and employees that you handle their sensitive data with care. This sensitive data is, just like the law itself, incredibly comprehensive, for it includes everything there is to know about a person. Think about names, photos, email addresses, HR files, but also IP addresses and internet profiles.
Inform and clarify
Once the law comes into play on the 25th of May, the first thing you have to do as an organisation is inform your stakeholders. You have to clarify what personal data you collect, and why you collect it. Then you also have to inform them what you do with the data you've collected: where you store it, how long you store it for, how secure this data is, and who you share it with. The best place to do this is in a privacy statement.
If, as an organisation, you have (partly) outsourced the processing of personal data, or when this data has been stored with a third party, you’re obliged to sign an agreement with these external companies, a so-called processor agreement. This ensures that the third parties with whom you work also process personal data in a secure manner.
But you're not done yet. People can request to see what data you've collected about them, and to change or delete this data. This new law enables people to get a better grip on their own data in cyberspace.
Our own privacy check
No idea where to start on these new privacy regulations? Don't worry! Together with JADE Solicitors, we have developed an online, user-friendly privacy check so that every organisation can adhere to the GDPR (www.wet-weter.nl). By answering short yes-or-no questions, you can find out which steps you have to take to comply with the new rules.
For those organisations we manage a website for, we have developed a special GDPR package with which you can get going. Please subscribe by sending an email to firstname.lastname@example.org.