Privacy and processing personal data are issues that have been at the centre of public debate for several years. This has resulted in greater awareness among those involved (the ‘data subjects’). Also corporate boards are discussing the importance of these issues in respect of core business operations to an increasing extent. The Dutch Data Protection Authority (DPA), which monitors compliance with legislation and regulations relating to personal data, is becoming more active too, and its powers are increasing. Although the DPA is currently able to operate effectively by naming and shaming, it will have the power to impose severe fines in the future.
Personal Data Protection Act
This means that it is of the utmost importance to ensure that your organisation fulfils the obligations laid down in the Personal Data Protection Act. This Act states inter alia that you must ‘take appropriate technical and organisational measures’ and you may not store personal data ‘for longer than necessary’. However, it is not always clear what exactly these obligations mean as far as your organisation is concerned. For example, your cloud supplier is ISO 27001:2005 certified, but is this enough? And how long are you allowed to store customer data for? To what extent can you share data at your organisation, or with third parties? And what about privacy on the shop floor?
At Ploum, our IT team will give you fast, specific and appropriate advice. Our team has a great deal of experience in this field, and it goes without saying that they keep abreast of all the latest relevant developments. Examples at Dutch level include cookie legislation and the duty to report data leaks, and the proposed privacy regulation at EU level. We also have considerable experience in planning and coordinating projects in various jurisdictions in the EU, and this enables us to advise you on relevant matters such as how to make your web shop ‘compliant’ in the whole of the EU. We will work with our colleagues at the Employment & co-determination department where necessary, e.g. if you want to implement a digital employee monitoring system at your company.
Would you like to find out more?
If you have any questions about how to deal with privacy or personal data processing, please don’t hesitate to contact one of our privacy lawyers.