GDPR
What is GDPR?
GDPR stands for General Data Protection Regulation. Put very succinctly, it is the updated privacy legislation on the protection of personal data, applicable to European citizens. In Dutch, it is also known as the AVG.
The data protection in question requires:
- appropriate technical and organisational measures to be taken in the form of information security (firewall, antivirus, anti-phishing, etc.)
- appropriate procedures such as obtaining active consent from data subjects to process their data.
This legislation comes into force on 25 May 2018, which is why we want to inform you in advance how we are already dealing with it today. Simply storing personal data already counts as processing it. So when we receive a mailing list from you as a customer (with names, addresses or other personal data), there are certain rules attached to it. We have to make these rules clear internally, and everyone in the organisation has to follow them.
What steps do we take?
The first step is to create a data register, or register of processing activities. This register (required by Article 30) contains the basis and content of personal data processing. It covers suppliers, customers and staff, and all the personal data we process from or for them.
Where we process personal data for you as a customer, we will place additional emphasis on this and include the processing of this data in this register. These processing details include data owner, purpose, location, access, etc. One of the reasons for this is that we ourselves need to understand where, and for whom, we hold which personal data.
An EU citizen has a number of rights they can invoke, such as the right of access, the right to modify or delete their personal data, as well as the right to transfer it to third parties (Article 20).
For this reason, we always need to know where this data is located.
How do you find out more?
In addition, and this is not mandatory for Graphius, we will appoint a certified Data Protection Officer, in jargon a DPO. He will be responsible for regularly monitoring the application of this legislation, providing the necessary procedures and answering internal and external questions about the AVG.
You can reach our DPO at dpo@graphius.com