Dutch DPA Makes Data Protection Policy Recommendations

Fox Rothschild LLP

The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.

A good data protection policy shows individuals and the Supervisory Authority that the organization complies with the GDPR.

Three mandatory components were examined:

  • a description of the (categories of) personal data
  • a description of the purposes of data processing
  • the rights of data subjects.

Recommendations:

  • Assess whether you are required to have a written data protection policy. Even if not required, a data protection policy is recommended.
  • Use internal and/or external expertise.
  • Record the policy in one document; prevent fragmentation of information in a privacy statement, a processing register and a policy.
  • Be specific and describe how you implement the GDPR principles in practice. Repeating standards from the GDPR is not enough.
  • Make the policy known. Though not required, publication of the data protection policy is recommended, but beware of including confidential details about your information security.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising
