The General Data Protection Regulation (GDPR, or AVG, Algemene Verordening Gegevensbescherming, in Dutch) is the European regulation for the collection and processing of personal data, intended to give consumers better protection.
Since 25 May 2018, every organisation that processes personal data of people in the European Union must comply with the GDPR. The GDPR ensures that personal data can only be collected under strict conditions and only for legitimate purposes. In addition, organisations are obliged to protect the personal data they collect against improper use and to respect the rights of the persons the data concerns.
What should your company do in order to be GDPR-compliant?
be transparent and clear:
– indicate what personal data you collect and process
– explain why you use and process personal data
– clearly demonstrate how you collect the personal data
– specify how long you will store the personal data
privacy by design & privacy by default
make sure that protection of personal data is built in from the design phase of your products and services, and that by default only the data needed for a specific purpose is processed. Make sure no additional data is recorded without permission
Data Protection Officer
appoint a Data Protection Officer if you are a public authority, if your core activities consist of large-scale regular and systematic monitoring of individuals, or if you process special categories of data (such as health or criminal data) on a large scale. The 5,000-persons-per-year threshold that circulated earlier comes from a draft of the regulation and is not in the final text
make sure you can show that individuals have given their consent to the collection and processing of their data, and that they did so on the basis of complete information
make sure you can provide the collected data to the individual it concerns when they ask for it (the right of access)
breach notification requirements
make sure the collected data is properly protected against data breaches, and that you can report a breach to the supervisory authority within 72 hours of becoming aware of it and inform the affected individuals when the breach is likely to result in a high risk to them
make it possible to transfer an individual's personal data electronically from your system to another system (the right to data portability)
right to delete data
give individuals the option to have their data deleted
New compared to previous privacy regulations:
– being able to prove that individuals have given valid consent to the collection of their personal data
– making it just as easy for individuals to withdraw their consent as it was to give it