Following an amendment to the Dutch Data Protection Act (DDPA), the Dutch Data Protection Authority (Dutch DPA) – also known as the College Bescherming Persoonsgegevens (CBP) – now has the authority to impose fines of up to €810,000 or 10% of annual turnover on breached organisations.
The amendment – introduced through an adjustment to article 66 of the DDPA – was first proposed in 2013; the Dutch Senate adopted the proposal on 26 May 2015. Previously, the CBP could only fine breached organisations €4,500 for DDPA violations, regardless of their size. This leap in sanctions has put Dutch organisations under increased pressure to protect the data they gather, process and hold.
The EU General Data Protection Act (GDPR), which has similar aims to the DDPA, is expected to be implemented later this year and will come into force in 2017.
Best-practice information security
Dutch organisations that want to fulfil their data protection obligations and comply with both the DDPA and GDPR are advised to implement an information security management system (ISMS), as described in the international best-practice standard ISO 27001.
An ISO 27001-compliant ISMS provides a risk-based approach to data security that can be applied throughout the supply chain. Once your ISMS has been certified to the Standard, you can insist that third-party contractors and suppliers also achieve certification. In addition, the external validation offered by ISO 27001 certification is likely to improve your organisation’s cyber security posture while providing a higher level of confidence to customers and stakeholders – essential for securing certain global and government contracts – as well as allowing you to meet legal and regulatory obligations.
The ISO 27001 Get A Lot Of Help is by far the most popular package, combining a comprehensive mix of core ISO 27001 standards and implementation guidance with key implementation tools, attendance at our live, online masterclasses, and our unique Mentor and Coach service – all at a fixed price.