GDPR Legislation Goes Before Dutch Parliament

The Netherlands Government has progressed its GDPR Implementation Billto face a vote before Parliament. The focus f the bill is to prepare and achieve compliance with the oncoming General Data Protection Regulation (GDPR) which becomes live on May 25 2018.

In the Netherlands, the GDPR Implementation Bill refers to the personal data of people residing in that country. It applies to all companies located within the there, as well as those that supply goods or services to anyone living in the Netherlands.

Article 8 of the GDPR specifically refers to the age of consent as being sixteen years. The bill stresses this, and adds that any individual older than this, who has a legal guardian due to mental impairment issues, must be represented by the parent or guardian in cases of providing consent.

The importance of the DPA has been re-emphasised in this new legislation and its structure is the identical. However, the DPA is no longer a constituent part of the Ministry of Justice. It now operates its own office.

The Bill stresses that the DPA will have the authority to use the powers of enforcement and sanction, in order to safeguard  compliance with GDPR. This means that the DPA can terminate illegal processing or force businesses to stop processing data. It can also impose penalties and other sanctions, when non-compliance is discovered.

There are certain exceptions regarding the processing of special data which are already in place in the Data Protection Act (DPA) of the Netherlands. These exceptions refer to who can process specific items of special data and when it can be processed. The Bill refers to Article 9(2)(g) of the GDPR in relation to substantial public interest, in order to justify the inclusion of these exceptions.

An additional exception, in relation to the use of biometric data in the workplace has been included. This is because deciding not to use biometric data for security reasons could possibly put the secure processing of personal data in danger.