You will regularly hear about it: data leaks, privacy-sensitive data, laws and regulations, the European Privacy Regulation…. But what about it again? Did you know that the Personal Data Protection Act will eventually be replaced by the General Data Protection Regulation? We will take a closer look at it.
What do we mean by personal data?
The name says it all: it concerns data that belong to a person. This may include names, addresses, a date of birth and other personal data. Archive-IT has a lot to do with this, as Archive-IT ‘processes’ privacy-sensitive information for its clients. Whether it concerns medical, legal or personnel files, almost every file contains information about individuals, so we also have to comply with the Personal Data Protection Act.
It is absolutely noticeable that in the Netherlands data protection is the focus of great attention. It is not for nothing that the Data Leakage Reporting Requirement was introduced. This amendment of the law entered into force on 1 January 2016, whereby a data breach must always be reported to the Authority for Personal Data. This can lead to fines of up to € 820,000!
Cross-border
The Personal Data Protection Act (WBP) as we know it at the moment is regulated at national level, but it is now outdated as well. Since it has become known that the General Data Protection Ordinance (GDPR) will enter into force in May 2018, organisations can prepare themselves for the requirements of this legislation. This Regulation will replace the WBP.
The importance of a Regulation at European level is very great, as in this digital world we are increasingly working on a cross-border basis. A year ago, the European Parliament voted in favour of a General Regulation, which focuses entirely on privacy legislation and goes further than the WBP as we know it today. The WBP focuses in particular on the person responsible for processing personal data, with the focus in the new GDPR no longer being on the person responsible, but also on the person processing the personal data. What we talked about in the WBP is that this new regulation refers to a processor.
The GDPR is high on the agenda at Archive-IT and we are working hard on it. We will discuss this subject in more detail in a future blog.
Did you know that we at Archive-IT are working on it on a daily basis? Would you like to know what Archive-IT’s starting points are? Then read on quickly.
What does Archive-IT do?
As a processor, working with privacy-sensitive data is the daily practice for Archive-IT. We cannot afford to leak information and take the highest possible measures to do so.
Physical vs. digital
Whether customers opt for external archiving in one of our heavily secured archive depots or digitisation in bulk, safety is our number one priority. We don’t sell a product or a service; we sell trust. And we do everything in our power, day in and day out, to ensure that this trust is not damaged.
In addition to the physical measures we take, such as permanent camera security, a modern certified gas extinguishing system, access control and so on, we also focus on the digital security of data. Our own software solutions are subject to penetration tests. Not only by ourselves, but also by an external certified party. This party periodically tries to ‘ethically hack’ our software. All the measures we take have resulted in the ISO 27001 and NEN 7510 certificates we have in our possession. The standard for information security. You will never receive digitized files by e-mail or on a CD/DVD. This will only be made available through a secure application.
Our Security Officer continuously monitors and secures our information security. Only in this way do we live up to the trust our customers place in us time and again. We go for a 10.