general data protection regulation

European privacy regulation for the collection and processing of personal data, aimed to better protect the consumer. This is called the General Data Protection Regulation (GDPR or AVG Algemene Verordening Gegevensbescherming in Dutch).

As of 25 May 2018, everyone in the European Union must conform to the regulations stipulated in the General Data Protection Regulation (GDPR). The GDPR ensures that personal data can only be collected under strict conditions and only if it is used for legitimate purposes. In addition, organizations are obliged to protect the collected personal data from improper use and respect the rights of all persons involved.

What should your company do in order to be GDPR-compliant?

– indicate what personal data you collect and process
– explain why you use and process personal data
– clearly demonstrate how you collect the personal data
– specify how long you will store the personal data

make sure the correct protection of personal data is already taken into account in the design phase of the products and services. Make sure no additional data is registered without permission

appoint a Data Protection Officer if you process data of more than 5,000 persons per year

make sure you can show individuals have given their consent, for the collection and processing of their data, based on complete information

make sure you can provide the collected information to the individual involved

make sure the collected data is properly protected from data breaches

make it possible to electronically transfer the collected individual personal data from your system to another

give individuals the option to have their data deleted

New compared to previous privacy regulations:
– being able to prove valid consent from individuals to collect their personal data
– making it just as easy for individuals to give and to take back their consent

email

Linkedin

Twitter