The Data Leaks Reporting Requirement Act was adopted by the Senate in June 2015. The law obliges companies to report violations of personal data protection that may have serious adverse consequences for those involved. In addition, the CBP will be granted the power to impose fines amounting to up to € 810,000. The law is a means of preventing data leakages, emphasises CBP chairman Jacob Konhstamm during the presentation of the policies.
Nederland ICT supports the government’s intention to improve the protection of personal data and believes the requirement act is a good way of achieving this. However, this does require clear rules and thus legal certainty for companies. The legal text did not provide this clarity, which would be further explained in policies. CBP has given Nederland ICT the opportunity to comment on earlier versions of these policies.
The definitive policies are still being studied by Nederland ICT at the time of this publication. Based on this, in the near future we will be creating an exemplary processing agreements, serving as a tool for ICT companies to tailor their agreements with customers on these new reporting requirements.
The policies can be downloaded from the CBP’s website.