Data leaks! “Company X has had a large data leak” or “Person Y leaked important data at organisation X”. It is the rule rather than the exception that the newspapers are full of such stories. It is nothing new that the Notification Requirement for Data Leaks (Meldplicht Datalekken) comes into effect on 1 January 2016, but we should not underestimate the impact of this notification requirement. Have you already taken the right steps and measures to be ready before 1 January 2016?
Notification obligation
This notification obligation applies to both the business community and the government. In short, the duty to report means that, in the event of a data leak, a report must be made immediately to the Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP), which has recently been renamed the Authority for Personal Data (Autoriteit Persoonsgegevens, AP). Fines imposed by the AP may amount to up to 820,000 euros. That is no trivial amount!
Laws
A data breach does not only mean that personal data has leaked out: the destruction or alteration of personal data is also regarded as a data breach. In addition to the mandatory notification of data leaks, the new European Data Protection Act is expected to come into force in 2017. A provisional agreement has now been reached. This is a European law and not a directive, as many thought. This law will be leading, and local legislation will have to be brought in line with it, possibly with extra measures. The new European law obliges companies that process a lot of personal data to appoint a Privacy Officer to ensure compliance with this legislation. This law, too, carries high fines: up to 4% of worldwide turnover.
Quality and safety
The Notification Requirement for Data Leaks and the new European Data Protection Act are important to guarantee quality and safety inside and outside the organisation. For Archive-IT this goes without saying, but one should not take it too ‘lightly’. In fact, these rules and laws should not be necessary at all: as a ‘good steward’, every organisation is expected to handle data in a safe manner. Practice, however, is different. The high fines are expected to open many eyes.
Archive-IT is ISO27001 and NEN7510 certified, and these laws and regulations are covered by those standards. In this context, too, Archive-IT has taken all measures to embrace the Notification Requirement for Data Leaks. Archive-IT has also taken steps towards the new European Data Protection Act, which will most likely become effective in 2017. Here, too, awareness within the organisation is very important and must be continuously taken into account in all business processes.
The impact of these laws will become clear in the coming period. What steps has your organization already taken?