The dangers of the new privacy regulations: How to protect yourself?

06 April 2017


On May 25, 2018 the new European privacy regulations, the General Data Protection Regulation (GDPR), enter into force. The purpose of the GDPR is to better protect the data of European citizens. The new regulations arose from the 'Data Protection Directive' of 1995. There was much confusion about this directive, and new developments such as the cloud escaped the reach of this law.

The new regulations apply to companies in possession of personal data, and that turns out to be a broad notion. It includes ‘any information about an identifiable individual’, which is not just a name, address, photograph and date of birth, but also account numbers, telephone numbers, or even an IP address. All of that information can lead to a physical person and therefore also falls under the GDPR.

When in doubt, it is best to assume that you are dealing with personal data. Fines for violations can amount to up to 4% of your annual global sales ... Even as a self-employed worker you cannot escape this regulation. The fines could run up to 20 million euros.

The regulations emphasise, among other things:

  • Transparency: communicate clearly about how you collect and process data
  • Data transfer: it should be possible, without any problem, to transfer personal data to another service at the request of the person concerned
  • The right to be forgotten: personal data must be deleted upon request, also at third parties.
  • Notification requirement in case of data breaches: if you become a victim of a data leak, you must report it within 72 hours to the Belgian Privacy Commission and, in severe cases, also to the affected individuals.

How do you become GDPR compliant?

Phase 1: make an inventory of what data you have and where they are located.
Phase 2: elaborate procedures on how to protect and process personal data.

This is not a simple task; it is therefore appropriate to appoint a representative. Such a Data Protection Officer (DPO) is mandatory in some companies. The company's activities are a decisive factor: all organisations in the public sector and organisations that process personal data from a ‘special category’ (religious or health data, political affiliations ...) are obliged to appoint a DPO.

Placing your data in the cloud is not a free pass to escape your responsibilities. Cloud providers, too, must comply with the regulations in the context of transparency concerning data storage. If you store your data in a public cloud environment, the cloud provider cannot guarantee the physical location of that data. In this case, you do not comply with the privacy regulations. In a private cloud environment, the cloud provider itself has control over the storage location. Yet you and your company, not the cloud provider, always remain responsible for the processing of your data and compliance with the law.

It should be clear that this directive has a great impact on your organisation. Not only do you need to identify and catalogue the available data (requires manpower), but you should also secure and protect them at a maximum level (requires IT investment), and in case of a data leak a whole series of administrative and legal obligations arises (requires a crisis plan with use of specialists).

You have taken all precautions to become GDPR-compliant, but something still goes wrong?

Are you the victim of ransomware or have your clients’ data been hacked? Then our IT Care policy takes action.

Speed is extremely important. IT Care primarily offers assistance in an incident or a breach. If you have detected either of these, dial the emergency number, which is accessible 24/7. IT specialists guide you through the various steps in the first 48 hours so that you are able to return to work. You will also receive support from specialist lawyers on the various steps and requirements regarding the reporting process. They work systematically: where do you have to report the leak? How do you inform the people concerned? Meanwhile, IT specialists will examine the location of the problem, remove the cause, ensure that the leak is closed and, if necessary, reconstruct the data... IT Care is able to provide global assistance; after all, a claim follows the jurisdiction of the country where a person submits it. Not only do we reimburse all costs incurred; liability claims for compensation and fines are also part of the cover.

In addition to the dangers of the new privacy regulations, ICT Care also covers other cyber and ICT-related risks. More information? Ask about our ICT Care brochure or contact Door Cooreman.

Our advice: let specialists assist you to deal with the risk of privacy and ICT incidents.

