On 25 May, the new privacy law entered into force, namely the GDPR. This law applies to the whole of Europe and is based on the privacy law of 1995. By now we are all familiar with the law and we are regularly confronted with it. The GDPR is of great importance to Archive-IT, but what exactly does the law mean again? We’ll list it for you!Personal dataThe GDPR focuses on the processing of personal data. These personal data can be divided into two types: ‘ordinary’ personal data and ‘special’ personal data. Ordinary personal data are data that belong to a person, such as, for example, a telephone number or an e-mail address. The other type of personal data are the special data. Because these data are very sensitive, the GDPR believes that they should be extra secure. This includes information about race, ethnic origin, political opinions, sexual orientation, genetic data and health information.PrivacyThe GDPR links a large number of privacy rights to the processing of personal data. An example is the right of access. This means that people have the right to see the personal data that have been processed about them. In order to comply with these privacy rights, the systems, processes and internal organisation must be set up correctly. In this way, it is possible to respond to the requests of people who exercise their rights.DigitizingIn order to meet all the requirements of the GDPR , digitisation is necessary. By digitizing you save a lot of time and also create structure and overview. The data is always and everywhere available. Perhaps most important of all is that you always have a backup of the data. If the file is only present in physical form, you run the risk of information loss due to theft or fire, for example.Archive-IT and the GDPRArchive-IT works with privacy-sensitive data on a daily basis, which is why it is very important that we act in accordance with the GDPR . After all, we cannot afford to be careless with this information. Archive-IT has been protecting personal data and certifications such as ISO 27001 and NEN 7510 for many years. A small selection of the extra measures we have taken with regard to the introduction of the GDPR are:
The appointment of a Data Protection Officer
Realising a retention policy
Conclusion of processing agreements
Would you like to know more about Archive-IT’s approach to privacy-sensitive data? Ask our Privacy Officer!