First, the event discussed why the AVG is being introduced. The current Wbp dates back to 1995, which is quite some time ago. Especially in view of the technological developments that have taken place since 1995. Thanks to these developments, such as mobile devices and the Internet of Things, we are leaving more and more data in more and more different places. This raises the following questions: "Where does this data end up?", "What happens to this data?" and "Are they properly secured?". Finally, there are more frequent incidents of data leaks these days; this has been a reason for the European Union to develop new legislation.
Next was a focus on the differences between the Wbp and the AVG. Some of the differences discussed were:
Finally, the event also focused on the implementation of the AVG. It is important to use a phased approach, for example, start first with a GAP analysis: 'where are the processing operations within your company with sensitive data?' To gain this insight, John indicated in his presentation that a good starting point of the implementation can be to maintain your own register of personal data processing. After all, this register keeps track of all processing operations. Also, there is currently tooling available that can help obtain this overview. During the presentation, the tool PrivacyPerfect was discussed.
Once this insight is gained, what-if scenarios can be used, making it possible to gain very concrete insight into, for example, the consequences of the various rights of data subjects. These scenarios can then be the starting point for further development of policy regarding the processing of personal data.
Apart from these different phases during the implementation of the AVG, it is important to have the full commitment of the organization's Board of Directors. Thanks to the fact that with the implementation of the AVG, many organizations are actually also playing catch-up with the Wbp, many choices need to be made quickly. Experience shows that this is easier with the commitment of the Board of Directors.
John Storms has written previously about the implementation of the AVG. Read his full article here: https://www.auditpeople.nl/nieuws/implementatie-avg/.
Clarissa van der Most. Clarissa is an audit trainee at AuditPeople.
ARC People connects three strong labels: AuditPeople, RiskPeople and CompliancePeople. Each of these labels focuses on its own specialized field. Clients are provided with the right people and knowledge from those specialties. www.arcpeople.nl