Privacy and data protection
From 25 May 2018 onwards, all organisations in the EU must comply with the General Data Protection Regulation (GDPR). The Regulation applies to both small and large organisations within the EU, and also to organisations that are not located in the EU but process data relating to EU customers/employees and other data subjects. The legislation applies to personal data in the digital world as well as personal data in the offline world. The GDPR covers both business-to-client data and business-to-business data. Therefore, it will also apply to the personal data of employees.
GDPR in 10 questions
What questions do you have to ask (and have a solution to) when looking to become GDPR compliant?
- What personal data do I collect?
- Why do I collect this personal data?
- Is the personal data I'm collecting helping me reach my business goals?
- Do I collect more personal data than I'm using?
- Where do I store the personal data? Am I transferring the personal data outside of Europe?
- How long am I storing the personal data and do I delete it as soon as possible?
- How do I make sure customers/employees and other data subjects can exercise their rights under the GDPR?
- Do I have a register of all processing activities?
- Have I documented everything and have I figured out how to stay compliant in the future?
DPO as a service
One of the requirements for a lot of companies will be to appoint a Data Protection Officer. This will particularly be the case if you process personal data on a regular basis and that processing qualifies as a core activity of your business.
The Data Protection Officer can also be an external party. If your company is not that big, it could be smart to make use of the services of an external Data Protection Officer. The Data Protection Officer can advise you on privacy-related issues and help you stay compliant.
Remember: the responsibility for being compliant stays with the management. The Data Protection Officer can also create awareness so that your employees know what is expected of them regarding privacy and data protection.
If you are interested in DPO as a service you can contact us so we can talk about the possibilities.
Privacy landscape
The privacy landscape encompasses more than just the GDPR. For marketing activities the ePrivacy Directive, which is currently under revision, plays an important role. The same goes for other laws and regulations regarding data protection and security, and for the EU plan to work towards one single digital market.
Because of this broad privacy and data protection landscape, it is important to hire experts who can translate the requirements resulting from laws and regulations into your everyday business environment. Van Spaandonk & Koks can help you with this.