Privacy & data leaks
Every business is confronted with issues surrounding personal data. Dealing with these data is strictly regulated in the Personal Data Protection Act (Wbp). These rules were tightened as of 1 January 2016.
Processing personal data
An organisation may collect and process personal data only in accordance with the law. The level of protection that is considered suitable for this depends on the sensitivity of the data and on the way in which it is stored. The person to whom this data applies has certain rights. For example, they have the right to information about the use of their data and can require the data to be corrected if it is incorrect. Finally, the organisation may not keep the personal data longer than necessary.
Obligation to notify about data leaks
One of the most important changes is the obligation to make notification about data leaks. The organisation is obliged to make a notification of an infringement in security to the Data Protection Authority, if there is a significant chance that there will be negative consequences for the protection of personal data. The affected people must also be notified of the infringement if the infringement will probably have negative consequences for their personal life as well.
The processors’ obligations
In many cases, a business works together with another business to process personal data. This company is identified as the “processor”. The responsible person is obliged by the Wpb to ensure that the processor also observes the core conditions for the protection of personal data.
Expansion of the Data Protection Authority’s powers to impose fines
The Data Protection Authority can impose administrative fines for violations or if the responsible person acts in conflict with other obligations arising from the Wbp.
Therefore, it is necessary to ensure that every business which collects and processes personal data complies with the demands of the Wbp. Existing and new contracts must be examined with respect to this, and the organisational arrangements must also take into account the obligations arising from this Act. In order to be able to notify Wpb about a data leak immediately, the responsibilities and tasks should be clearly assigned in advance. GMW lawyers will be happy to assist you with examining points for improvement, your organisational arrangements and how to make agreements with your business partner regarding the processing of personal data.
For advice and questions we invite you to contact our Company & Insolvency department.