It is important to note that even though the GDPR is a European Union law, it affects businesses around the globe.
The guidelines issued are as follows:
- use internal and/or external expertise (in this respect, the Dutch DPA states that companies’ data protection officers can play a role in implementing privacy policies);
- draft specific and concrete privacy policies (a data protection policy should be a concrete reflection of the principles of the GDPR as simply reiterating the principles of the GDPR is not sufficient);
- raise awareness (although this is not a requirement under the GDPR, the Dutch DPA recommends publishing privacy policies to ensure that data subjects are aware about how companies handle their personal data); and
The original report is located here: https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/rapportage_verkennend_onderzoek_gegevenschermingsbeleid.pdf.
This post was written in conjunction with the AOTMP® Efficiency First® Framework’s Regulatory Compliance and Risk Management core activities.
Efficiency First® Framework v3.0 is the standard for measuring telecom, mobility, and IT management Center of Excellence maturity. It defines a comprehensive set of strategic performance measures, tactical diagnostic measures, and best practice principles used to optimize Center of Excellence business value. Enterprise organizations adopt the Framework and vendors align solutions to Framework principles.