Privacy Risk Management

Privacy and personal data protection are becoming increasingly important issues. With growing media attention to data leaks (which can sometimes be on a massive scale) and internet fraud, more and more people are now aware of where their personal data is being stored. The security of data on IT systems is consequently also attracting attention.

Rules governing privacy in the Netherlands are enshrined in the General Data Protection Regulation (GDPR). This EU law took effect on 25 May 2018, replacing the Dutch Personal Data Protection Act.

Increasingly strict privacy laws

Under the new privacy laws, the requirements governing organisations that process personal data have become stricter. As well as maintaining comprehensive records of any personal data registered, and details of all the technical and organisational measures in place, every organisation has to:

  • Maintain a full and up-to-date record of data processed;
  • Conclude agreements with third parties storing or processing privacy-sensitive data;
  • Report all leaks of privacy-sensitive data to the Data Protection Authorities (DPA) within 72 hours;
  • Define, document and demonstrably implement appropriate technical and organisational measures;
  • Respect the rights of individuals whose privacy-sensitive information is being stored or processed;
  • Ensure that employees with access to privacy-sensitive information are aware of their role in protecting privacy.

As well as the possibility of direct legal and financial consequences (i.e. fines), failure to comply with relevant legislation can also result in indirect losses (such as the risk of reputational harm and/or claims). A company’s strategy usually pledges due care and diligence or undertakes to protect privacy-sensitive information.

How BDO can help you

BDO has a team of experts – lawyers, IT experts, change managers, cybersecurity experts and business administrators – poised to help you protect your privacy-sensitive data. Our privacy team in the Netherlands specialises in cross-border privacy issues. This team is the GDPR Competence Centre of Excellence for BDO worldwide. We offer a comprehensive portfolio of services, including:

  • Provision of an Interim Data Protection Officer
  • Support for pragmatic GDPR implementation
  • Awareness campaigns and education
  • Data protection impact assessments

Contact

To find out how BDO’s pragmatic approach can help you protect personal data within your organisation, feel free to contact one of our specialists for an informal chat.

Robert van Vianen

Partner Cyber Security Advisory | BDO Digital

Kees Plas

Partner Cyber Security Advisory | BDO Digital