A new law on the processing of personal data was introduced in 2018 and it applies throughout the EU. The GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming) contains all the provisions applicable in the Netherlands. Hendriks & James, which has now merged with Translation Agency Fiducia, translated it into English.
What is the GDPR Implementation Act?
Every organisation uses and processes personal data. The processing of personal data is subject to a lot of laws and regulations, one of the most important of which is the General Data Protection Regulation (GDPR). The main rules for processing personal data in the Netherlands are laid down in the GDPR Implementation Act. The Personal Data Protection Act (Wet bescherming persoonsgegevens) no longer applies. The GDPR entered into force on 25 May 2018. This means that the entire EU has been subject to the same privacy legislation since then. The GDPR Implementation Act sets out the national choices that the GDPR leaves open. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) monitors whether organisations comply with laws and regulations on the use of personal data. The powers and duties of the Dutch Data Protection Authority are also set out in the GDPR and the GDPR Implementation Act.
The key provisions in the GDPR
The GDPR includes a number of provisions that deal with the lawful processing of personal data. We list the most important provisions below:
- Personal data may only be processed in accordance with the law. Data subjects must be informed of the reason why and the extent to which their personal data are to be processed.
- Personal data may only be collected for a legitimate purpose, which must be clearly and explicitly defined in advance. The purpose of processing personal data must also correspond to the purpose for which those data were collected.
- If an organisation processes personal data, then the data subject should be aware of its identity and the purpose of the data processing.
- An organisation should ideally process “as few data” as possible. Thus, the processing of the data must be appropriate to the purpose for which they are processed.
- The controller must ensure that the data are accurate and updated as necessary.
- Personal data and their processing must be properly secured. Some data, such as data concerning religious beliefs, race and health, are subject to particularly strict rules.
English translation of the GDPR Implementation Act
Given that the GDPR features in almost every agreement made between two parties, whether in relation to just a newsletter subscription or an employment contract, it also often features in English translations. In 2018, Hendriks & James, now Translation Company Fiducia, translated the GDPR Implementation Act into English at AKD‘s request. It was released publicly and can be downloaded here:
Download the English translation of the GDPR Implementation Act.
Printed copy of the GDPR Implementation Act in English
Of course, this translation is not only available in PDF format, it’s also in print because it’s so often referred to. It includes the Dutch original.
If you would like to order a copy of it, do not hesitate to contact us!