Autoriteit Persoonsgegevens, the Dutch Data Protection Authority (DPA), has published six recommendations for companies operating in the Netherlands. The agency says that these guidelines should be considered when drafting privacy policies.
The Dutch DPA recommends employing procedures when drafting privacy policies:
- Collaborate with all available internal and/or external specialists, particularly data protection officers. so they can assist in implementing privacy policies.
- Establish specific and solid privacy policies. This means that a data protection policy should be a reflection of the basic principles of the GDPR rather than just restating the principles of the GDPR.
These recommendations were put together following the DPA’s investigation of companies’ existing privacy policies. The investigation centred on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs. Alongside the recommendations, the Dutch DPA released a report (in Dutch) summarizing the investigation’s results.
- A description of the range and types of personal data that is being processed.
- A description of the aims of the processing of private data.
- Details about data subjects’ rights.
Upon completion of the investigation, the Dutch DPA found that the privacy policies’ descriptions of the types of personal data processed and processing aims were usually inadequate or incomplete. Due to this outcome, the Dutch DPA put together the six recommendations about that it believes companies should take into account when drafting privacy policies.
This comes not long after the annual report of the Dutch DPA revealed that “at least 94% of people are worried about the protection of their personal data. People are primarily
concerned about fraudulent use of their identity documents, monitoring of their online search behaviour and Wi-Fi tracking. In regard to these situations people tend to feel that they don’t have
complete control over their personal data. ” You can read the full report here. Chair of the Dutch DPA , Aleid Wolfsen said: “What it’s ultimately about is people having greater control over their personal data.”