Privacy law and personal data
In these times of internet, cloud computing and social media privacy is often sadly lacking. This does not mean that there are no rules to which you will have to adhere with regard to personal data of others. On the contrary: the Data Protection Act (from 25 May 2018 the European Data Protection Regulation) makes stringent demands on the processing of personal data. Apart from that on 1 January 2016 the notification requirement in relation to data leaks and an extensive and a far-reaching power of the Personal Data Authority to impose penalties were added.
Are you aware of all rules applicable to your situation?
Personal data for example may only be processed if there is a so called ‘basis’, such as permission or necessity in relation to the fulfilment of an agreement. Those who buy something at a web shop must enter their contact data. The seller may use those data for the settlement of that sale. Those data cannot be used automatically for other purposes. Only if the seller has informed the buyer beforehand that he wants to use those data otherwise and for what reason and the buyer has given his permission within that scope, the data may also be used for those other purposes.
Whether permission must be given tacitly or explicitly is dependent on the type of data. Delicate information such as health data requires an explicit permission. Apart from that you should take care that the collected personal data are protected, by means of proper technical and organizational measures.
Should you make use of the services of a third party for the processing of personal data you must conclude a processing agreement with this party. For example an external salary processor, your SAA-supplier or the cloud.
There are two sorts of notification duty: a general notification duty for the mere fact that you do process personal data and a notification duty in relation to data leaks.
Based on the general notification duty you must notify to the Personal Data Authority that you process data and what kind of data. Fortunately in this respect there are exemptions with regard to the usual processing in all companies such as personnel administration, the customer base and the ICT network. Those exemptions contain conditions though, which must be met and of which most companies are not aware.
Based on the notification duty in relation to data leaks you must also notify the Personal Data Authority and in certain circumstances also to those involved if there is a data leak. A data leak is every infringement on the security of personal data that leads to a considerable chance of serious adverse impact on the protection of personal data.
Application of all rules in a concrete case requires a thorough knowledge of those rules and the application thereof in practice. PlasBossinade has that knowledge and shall gladly assist you.
Lawyer in the field of privacy law
Are you looking for a lawyer who is specialized in privacy law? PlasBossinade has specialists with a lot of knowledge and experience in privacy law. They are ready to render their services to you. Do not hesitate to get in touch with us to see what we can do for you specifically.