The new personal data protection act

THE NEW PERSONAL DATA PROTECTION ACT: COMPULSORY REPORTING OF LEAKED DATA PLUS HIGHER PENALTIES

The new WBP (Personal Data Protection Act) in the Netherlands means compulsory reporting of leaked data and higher penalties. You will already be aware that the new Personal Data Protection Act is very important for you, the client. But what exactly does it mean? Allow us to highlight one important topic for you: handling the identity papers of people working within your company through InAxtion. The law is pretty clear: a client may not keep a copy of proof of identity in their administration, unless this is required by law. Under the Aliens Employment Act (WAV), clients must be able to supply a copy of the proof of identity of an 'alien'. In the case of non-aliens, clients are permitted to store all relevant details from their passport or identity card, such as name, date of birth, SOFI number (Social Insurance number), the type of proof of identity and its term of validity. But now, it no longer stops there.

Change in the law and a new authority

Laws are subject to change and this applies to the WBP, too. On 1 January 2016, it became compulsory to report leaked data. This means that your organisation has a duty to report a serious case of leaked data to the Autoriteit Persoonsgegevens (Dutch Personal Data Authority), which has replaced the CBP (Dutch Data Protection Authority). Leaked data might be a lost USB stick, a stolen laptop or a hacking incident. At the same time, the powers of the AP to impose penalties have been significantly extended. Processing data for no legitimate purpose or handling data carelessly within your organisation may be enough to be fined.

Complicated?

Perhaps. On the other hand, partnering with InAxtion means that you are working with people who know exactly what they are doing. Any questions? Feel free to contact us on +31 (0)78 632 68 68 or send an email to dordrecht@inaxtion.com.