General Data Protection Regulation


The General Data Protection Regulation (GDPR; in Dutch AVG, Algemene Verordening Gegevensbescherming) is the European privacy regulation for the collection and processing of personal data, aimed at better protecting the consumer.

As of 25 May 2018, everyone in the European Union must conform to the regulations stipulated in the General Data Protection Regulation (GDPR). The GDPR ensures that personal data can only be collected under strict conditions and only if it is used for legitimate purposes. In addition, organizations are obliged to protect the collected personal data from improper use and respect the rights of all persons involved.

What should your company do in order to be GDPR-compliant?

  • be transparent and clear:
    – indicate what personal data you collect and process
    – explain why you use and process personal data
    – clearly demonstrate how you collect the personal data
    – specify how long you will store the personal data

  • privacy by design & privacy by default:
    – make sure the correct protection of personal data is already taken into account in the design phase of products and services, and that no additional data is registered without permission

  • Data Protection Officer:
    – appoint a Data Protection Officer if you process data of more than 5,000 persons per year

  • double opt-in:
    – make sure you can show that individuals have given their consent to the collection and processing of their data, based on complete information

  • overview of processing:
    – make sure you can provide the collected information to the individual involved

  • breach notification requirements:
    – make sure the collected data is properly protected from data breaches

  • data portability:
    – make it possible to electronically transfer an individual's collected personal data from your system to another

  • right to delete data:
    – give individuals the option to have their data deleted

New compared to previous privacy regulations:

  – being able to prove valid consent from individuals to collect their personal data
  – making it just as easy for individuals to give and to take back their consent