Privacy by design and privacy impact assessments

 In IT & Internet

Current developments

‘Cloud Computing’, ‘Big Data’, ‘the internet of things’ and computer-related crime greatly influence the development of privacy law. Numerous new products may entail far-reaching consequences for privacy issues. It is of the utmost importance to assess the privacy impact, so that penalties can be avoided and products won’t have to be modified later on to make them meet new legal requirements. Issues such as data protection and transparent, reliable and verifiable processing of these data play an essential role.

Current legislation

As a result of technical developments new privacy laws continuously need to be drafted. In the Netherlands EU Directive 95/46/EC has been transposed in the Personal Data Protection Act and the Dutch Data Protection Authority issued guidelines in March 2013. The Personal Data Protection Act will be amended and in 2016 the new EU privacy regulation will enter into force. This regulation will have direct effect in all EU member states.

Business and industry will have to take the fullest account of the far-reaching impact these measures will have for the protection of privacy. Risk analyses will have to be made to guarantee a suitable level of protection so that data leaks and unlawful data processing may be prevented.

Everyday reality is that privacy legislation is usually overtaken by events. However, the existing rules offer some kind of flexibility, so that we can be held to a certain extent to adapt privacy measures to the state of the art. Companies are obliged to analyse possible privacy risks and take protective measures.

Privacy by design

Privacy by design is the new trend when protective measures are called for. It means that privacy risks should be mapped before a system that could affect privacy issues is built or put into operation. Privacy protection is not going to disappear, as some of the social media gurus claim. On the contrary, privacy protection – like green energy – is seen as a unique selling point.

Privacy Impact Assessment (PIA)

Security companies have developed so-called penetration tests to check existing systems for protection against hacking and unwanted access to personal data.

A Privacy Impact Assessment (PIA) is a new phenomenon. NOREA, the professional organization of IT auditors has published a kind of PIA manual. Most consumer appliances, such as medical devices, robots and sensors in health care, and all kinds of ‘connected devices’ will soon send privacy sensitive data to the cloud. To avoid creating an obstacle to further progress, the privacy impact should be assessed in time so that suitable measures can be taken for the protection of privacy. Business and industry will have to take these measures themselves and a PIA is an essential tool in that process. Legal advice is a prerequisite when seeking the boundaries of what is legally possible.

We will be pleased to advise you.
Bob Cordemeyer,  Irvette Tempelman

Recent Posts
  • 11 May 2021

    INPLP article May 11, 2021

    Wouter Huisman
    Bob Cordemeyer
    Fine of €475,000 for reporting data breach 22 days to late. According to a press release of April 6 the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) imposed a €475,000 fine on because the company took too long to report a data breach to the DPA into compliance with Article 33 GDPR.
    Read More
  • 15 September 2020

    The British Data Protection Authority ICO considers operating systems that are no longer supported inadequate security.

    Bob Cordemeyer
    If systems such as Windows 7 and Windows Server 2008 R2 SP1 are no longer supported by Microsoft, this may result in inadequate security, which could then be seen as an infringement of article 32 GDPR. Huge GDPR fines may be imposed because of this infringement.
    Read More
  • 17 March 2020

    Hanneke Slager
    Following the recent developments in connection with the Coronavirus (COVID-19), we hereby inform you of the measures that we have taken to ensure the continuity and quality of the services we provide to you.
    Read More

Leave a Comment