General Data Protection Regulation
The General Data Protection Regulation (“GDPR”) is a European regulation with direct effect in all countries of the European Union. On 25 May 2018 it will become effective and from that moment onwards an equivalent regime with regard to the protection of personal data applies in all Member States.
On the basis of the GDPR, the rights of the person whose personal data being processed are deliberately extended. You must bring your business operations in line with the GDPR before 25 May 2018. If you do not, you run the risk of fines up to a maximum of 20 million euros, or a fine of 4% of your worldwide annual turnover.
What do you have to comply with on the basis of the AVG?
2. Your company must maintain a data processing register that includes:
– a description of the categories of data subjects and personal data being processed;
– a description of the processing purposes;
– the legal basis for data processing;
3. Depending on the activities of your company, you may be required to appoint a data protection officer (FG);
4. If you cooperate with another party that processes personal data on your behalf, a processing contract must be concluded with those parties which specifies who is responsible for the correct processing of the personal data.
The above is only a small selection of the obligations that follow from the GDPR. What the GDPR exactly means for you, differs per company.
Naturally, Zeevenhooven Advocaten is happy to help you determine what the GDPR requires from you and how to meet these requirements in the most efficient way.
Please contact the specialists privacy law of Zeevenhooven Advocaten if you want more information about the AVG and its implementation.