The General Data Protection Regulation (GDPR) has been in force throughout the European Union since May 25, 2018. It aims to better protect the personal data of individuals in the EU and to regulate how that data is processed.
Whether an organization falls under the GDPR depends on either of the following criteria being met:
- The organization that processes the data is established in the EU;
- The personal data being processed belongs to individuals located in the EU (for example, because the organization offers them goods or services or monitors their behaviour).
Please note: the GDPR does not apply to processing carried out by competent authorities for the purpose of safeguarding national security.
What does the GDPR mean for your organization?
The GDPR legislation sets requirements for the processing of personal data by organizations. Below you can read the most important aspects.
Privacy rights
Individuals have extensive control over their data. This includes:
- Right of access: Individuals may request which personal data an organization holds about them and how it is used;
- Right to rectification and erasure: Individuals can demand that inaccurate data be corrected, and, under certain conditions, that their data be deleted;
- Right to data portability: Upon request, individuals receive their data in a structured, machine-readable format so that it can be transferred to another service provider.
Responsibility of organizations
Organizations collect and process personal data only where this is necessary for a specified purpose. They take measures to ensure the security of this data and must be able to demonstrate this (accountability). This means:
- Privacy by design: Privacy is taken into account from the start when developing systems and processes;
- Privacy by default: By default, only the minimum data required for the purpose is collected and processed.
Enforcement and fines
The privacy regulators in Europe have extensive powers. They can:
- Impose fines of up to €20 million or 4% of annual global turnover, whichever is higher;
- Issue warnings, reprimands and other sanctions, such as ordering processing to stop;
- Carry out investigations to test whether organizations comply with the regulation.
What if you do not comply with the GDPR legislation?
Failure to comply with the GDPR can have serious consequences. It is therefore crucial to ensure that your organization is GDPR compliant.
In addition to the financial sanctions that can put a company at risk, a non-compliant organization may also have to deal with:
- Reputational damage: Customers attach great importance to privacy. A data breach or privacy violation can lead to loss of trust;
- Legal consequences: Organizations can be held liable by consumers and regulators.
BC 5701 as a GDPR standard
The GDPR Certification Standard and Criteria BC 5701 helps organizations to meet the requirements of the GDPR in a systematic way. The Dutch version of the standard (2023) has been approved by the Dutch Data Protection Authority, and the English version (2024) by the European Data Protection Board. The 2023 version is currently in the process of obtaining accreditation.
The standard provides a practical framework that allows you to:
- Bring the processing of personal data in line with the GDPR;
- Reduce the risk of data breaches by implementing appropriate security measures;
- Strengthen the trust of customers and partners through demonstrable compliance with the regulation.
By choosing certification according to the BC 5701 standard, your organization demonstrates that it takes data protection and privacy seriously. This can be a differentiating factor in the market and contribute to strengthening your reputation.
How can Brand Compliance help?
Compliance with the GDPR can be complex. At Brand Compliance we offer the following practical solutions:
- Whitepaper GDPR certification: More insight into the value of GDPR certification;
- Certification criteria: A framework for meeting the requirements of the GDPR;
- Gap analysis: A thorough assessment of where your organization stands with regard to the GDPR. You receive a clear report with points for improvement;
- Certification: Assessment and confirmation that your processes are designed to meet the requirements of the regulation.
By taking timely action and implementing the right measures, you reduce the risk of fines and work towards full compliance with the General Data Protection Regulation.
Has your organization already carried out a GDPR compliance check? Contact us for advice and support!