Privacy matters are regulated by law. All European countries must apply with the General Data Protection Regulation (GDPR) since May 2018. The way the GDPR is applied in the Netherland is described in an implementation act.
European General Data Protection Regulation (GDPR)
The GDPR describes when personal details may be processed, what the rights of the processor of the data are, and what an organisation like NHL Stenden should do to work fairly, transparently, and securely. The GDPR also arranges monitoring, and describes the fines for non-compliance. What is new is that these fines are extremely high. They are tailored to big players like Microsoft, Google and Facebook. The maximum amount is 20 million euros or 4% of the annual revenue, whichever is more. This illustrates how privacy has become big business. Other novelties in the GDPR include:
Privacy Impact Assessment
In certain circumstances, an organisation is obliged to perform a privacy impact assessment prior to the introduction of a new process or the purchase of a new automated system. The assessment determines the impact of the system on the privacy of the people involved, and what the organisation can do to minimize it.
Data portability
The right to data portability is also new. This means you have the right to take your data from one organisation to another, for example when switching internet providers or educational institutions.
The right to be forgotten
In appropriate cases, you can demand for your data to be destroyed or removed from internet search engines.