What is the GDPR / AVG?
GDPR stands for General Data Protection Regulation. Put very briefly, it is the renewed privacy legislation on the protection of personal data, applicable to European citizens. In Dutch it is referred to as the AVG (Algemene Verordening Gegevensbescherming).
The data protection in question requires:
- appropriate technical and organizational measures that we must take in the form of information security (firewall, anti-virus, anti-phishing, etc.)
- appropriate procedures such as obtaining active consent from data subjects to process their data.
This legislation will take effect from 25 May 2018, which is why we would like to inform you in advance how we are already doing this today. Simply storing personal data already counts as processing, so when we receive a mailing list from you as a customer (with names, addresses or other personal data), certain rules are attached to it. We must make these rules clear internally and everyone within the organization must comply with them.
What are the steps we take?
Initially, a data register or register of processing activities is created. This register (required by Article 30) contains the basis and content of the processing of personal data and covers suppliers, customers and personnel and all the personal data that we process from or for them.
When we process personal data for you as a customer, we will place extra emphasis on this and include the processing of this data in this register. The details recorded for each processing activity include the owner of the data, the purpose, the location, who has access, etc. One of the reasons for this is that we ourselves need to gain insight into the various places where and for whom we keep which personal data.
An EU citizen has a number of rights that he or she can invoke, such as the right to access, the right to change or delete his or her personal data, and also the right to have the data transferred to third parties (Article 20).
For that reason, we must always know where this data is located.
How do you learn more?
In addition, although this is not mandatory for Graphius, we are appointing a certified data protection officer, known in the jargon as a DPO (Data Protection Officer). He will be responsible for regular monitoring of the application of this legislation, providing the necessary procedures and answering internal and external questions regarding the GDPR.
You can reach our DPO (Hendrik Van Haele) via dpo @ graphius.com.