Can we support you with your privacy implementation and maintenance?
De dagen dat het beschermen van persoonsgegevens bij bedrijven geïmplementeerd moest worden zijn voorbij. Bedrijven hebben omvangrijke investeringen in opleidingen gedaan, maar hebben nagelaten kennis- en verandermanagement te organiseren en structurele maatregelen in de bedrijfsprocessen “by design” op te nemen.
Bedrijven wensen geen budgetten vrij te namen voor het beschermen van persoonsgegevens; het moet onderdeel zijn van andere processen zoals riskmanagement en compliancemanagement.
Bovendien zijn er slimme IT-systemen nodig om effectieve beheersmaatregelen te treffen en de operationele kosten binnen de perken te houden.
Wat is de verwachtingskloof?
The European supervisors continue to issue guidelines in which the obligations from the European General Data Protection Regulation (GDPR) are explained in more detail, see Guidelines, Recommendations, Best Practices. What is striking in the explanations of the supervisors are the far-reaching management and protection requirements.
In its Focus DPA 2020 – 2023, the Dutch Data Protection Authority emphasizes the supervision of the effective protection of personal data. We see a series of fines, especially at government organizations, see fines and other sanctions. From the annual reports of the Dutch Data Protection Authority, it is difficult to distill a clear picture of the status of companies in how they are organized to effectively protect personal data.
When organizing the effective protection of trade secrets, the court expects an inventory of the trade secrets, an overview of the control measures and proof that the measures have worked effectively.
An expectation gap has arisen when companies and regulators have concretized the statutory GDPR requirements. This also applies to companies and judges when protecting trade secrets.
What is our approach?
We always adapt the training for data protection officer (DPO) and related training courses for new legislation and the interpretations of legislation by the supervisory authorities. We know the impact of new legislation and interpretations of regulators on the organization of business activities.
If a company sees the interpretations of the legal framework as a duty, we can imagine that â€œthere’s no hopeâ€. It is also possible to view the guidelines of the supervisors from the perspective of business operations. This broader perspective offers opportunities to effectively organize company and personal data, as well as trade secrets, while at the same time keeping liability and cost risks manageable.
The plan of approach for the implementation of the next phase, protecting company and personal data and trade secrets, is based on a business case.
Based on the organization of the business activities, the signals from employees to organize business processes more effectively and the assessment that employees are prepared to handle the business processes, we draw up an action plan. We discuss the action plan with clear milestones and products with the company management and department management. After an agreement, we implement the plan in collaboration with the employees.
The implementation can relate to various points of attention. In general we can mention:
- Overview and insight create responsibility domain of entities and partnerships;
- With the help of the corporate legal function with partners (customers, employees and suppliers), in a systematic way, agree on management and processing agreements and set up contract management;
- Based on the organization of business activities, inventory and record processing of personal data and trade secrets, document the control measures and collect evidence of effective operation;
- Record incidents resulting from the passing on of management and security measures and promote them to data leaks, documented or otherwise;
- Continuously make employees aware and train them;
- Include control measures aimed at protecting personal data “by design” in the business processes with which the business activities are organised; and
- Targeted and insightful compilation of management reports.
The scope of the steps to be taken is to protect company and personal data and trade secrets. The protection of data is organized in a process and supported by IT resources.
The project leader invests the results of the implementation in the business organization. The department management and employees take over the management and take care of maintenance. The company management periodically enables management and employees to take note of new developments in the field of protecting personal data and trade secrets.
Do you have any questions or would you like to make an appointment?
Do you have questions about organising, implementing or expanding the protection of personal data? Our service owner, André Biesheuvel or one of his colleagues, will be happy to discuss your specific case.