In April 2016 the European Parliament adopted the new General Data Protection Regulation (“GDPR”), which replaced the data protection directive from 1995. The main feature of the GDPR is the protection of the personal data and privacy of EU citizens for transactions within the EU. It also regulates the export of personal data outside the EU.
The GDPR will be effective from 25 May 2018, which means that from this date companies and public bodies will need to comply with strict rules in order to protect customer data. As a consequence, companies and public bodies will need to put systems and processes in place in order to comply with the GDPR.
The types of privacy data that fall under the scope of the GDPR are basic identity information such as name and address, and web data such as location, IP address, cookie data and RFID tags. Other data that fall under the scope of the GDPR are biometric data, racial or ethnic data, political opinions, sexual orientation, and health and genetic data.
The GDPR requires companies and public bodies to assign a Data Protection Officer (“DPO”) to oversee data security strategy and GDPR compliance. Companies are required to have a DPO if they process or store large amounts of EU citizen data, process or store special personal data, or regularly monitor data subjects. Public bodies are obliged to assign a DPO. Some public entities, such as law enforcement, may be exempt from the DPO requirement.
Should you need further information on this matter, please feel free to contact Jeroen Kerkhof or Fariq Ishaak at fariq@columbusadviory.com or call 0031 6 21486808.