It has been exactly 1 year ago, 25 May 2018, that the General Data Protection Regulation (GDPR) came into effect. Do you have everything in place in the meantime? Below you can find what else will come your way.
Looking back at the birthday
Twelve months later it turns out that not all companies in the Netherlands are GDPR-proof yet. As you probably have heard, Uber needs to pay a fine of €600.000 because they reported a data breach too late, and the UWV received a penalty payment in which they get another year the time to comply with the GDPR. Those two companies are definitely not the only two who should tighten up their measures. At 3 May 2019 many news editors wrote about the huge data breach at the UWV: 117.000 CV’s hacked by criminals. And at 10 April 2019 a data breach was reported at Jeugdzorg (Youth Care Office): dossiers of more than 3000 children public available. We all know that the GDPR includes more than only data breaches and the reporting thereof. However, is it not a surprise that the authorities will perform more and more checks whether companies comply with the privacy regulations.
There will be more after the GDPR
We are not there yet. As of 2002 a directive exists in privacy via electronical communication. This guideline will become a regulation! Namely: the E-privacy Regulation. This regulation needs to be elaborated and therefore we cannot explain the content of it in more depth yet, but what we do know it that this regulation will become a special law, meaning having a priority over the GDPR.
You are not too late yet for the next birthday
Do you need a privacy statement? You did not make a data processing register yet? Do you need help with creating processor agreements?