You often hear about it: data breaches, privacy-sensitive information, legislation, the European privacy regulation... But what was it all about again? Did you know that the Dutch Personal Data Protection Act (WBP) is being replaced by the General Data Protection Regulation (GDPR)? Let’s take a closer look.
What is personal data?
The term says it all: it refers to data related to an individual. This can include names, addresses, dates of birth and other personal details. At Archive-IT, we deal with this kind of data every day, as we ‘process’ privacy-sensitive information on behalf of our clients. Whether it involves medical, legal or personnel files, almost every document contains personal data—so we are subject to the WBP.
Data protection is a major focus in the Netherlands. It’s no coincidence that the mandatory data breach notification rule was introduced. This amendment to the law came into effect on 1 January 2016, requiring any data breach to be reported to the Dutch Data Protection Authority. Non-compliance can result in fines of up to €820,000!
Cross-border
The current WBP is regulated at national level, but it is now considered outdated. The GDPR comes into force in May 2018, and since its introduction organisations have had time to prepare for its stricter, more comprehensive requirements. The GDPR will officially replace the WBP.
A European-level regulation is crucial in today’s digital world, where cross-border data processing is the norm. A year ago, the European Parliament adopted this Regulation, which goes far beyond the scope of the WBP. While the WBP primarily focused on the data controller, the GDPR also places responsibility on the data processor—the party actually handling the data.
What does Archive-IT do?
As a processor, working with privacy-sensitive data is daily practice for Archive-IT. We cannot afford to leak information, and we take the highest possible precautions to prevent it.
Physical vs. digital
Whether customers opt for external archiving in one of our highly secured archive depots or large-scale digitisation, safety is our number one priority. We don’t sell a product or a service; we sell trust. And we do everything in our power, day in and day out, to ensure that this trust is not compromised.
In addition to the physical measures we take, such as permanent CCTV surveillance, a modern certified gas extinguishing system, access control and so on, we also focus on the digital security of data. Our own software solutions are subject to penetration tests — not only by ourselves, but also by an external certified party. This party periodically tries to ‘ethically hack’ our software. All the measures we take have resulted in the ISO 27001 and NEN 7510 certificates we hold — the standards for information security. You will never receive digitised files by e-mail or on a CD/DVD. These will only be made available through a secure application.
Our Security Officer continuously monitors and safeguards our information security. Only in this way do we live up to the trust our customers place in us time and again.