GDPR Checklist

General Data Protection Regulation

On May 25, 2018, a new law went into effect for all countries in the EU: the General Data Protection Regulation (GDPR). The GDPR replaces the previous law, the Personal Data Protection Act. The new law includes more obligations for companies and organizations that process personal data. To stay well informed on this topic, we recommend the following:

  • Study the information about the new legislation on the Personal Data Authority site.

  • Read the GDPR legislation.

  • Follow the checkpoints on the GDPR Checklist.

GDPR Checklist

1. SSL on your website

Make sure your websites can only be visited via HTTPS. For practical and search engine reasons, we also strongly recommend that you provide your website with full SSL.

2. Privacy page

As a company, it is important to show which data you process and what for. You can do this by having a Privacy page on your website.

3. Securely connect email

It is important that you also use an SSL connection for your email. If you don't, your email traffic is completely readable by someone else on the network. So make sure your emails are only sent and retrieved over a secure connection.

4. Processor Agreement

Provide a signed "processor agreement", also for any other applicable data processors.

5. Provide a secure website

An optimally secure website is important, especially for items that contain personal data.

6. Remaining matters

Consider the following:

  • Fines for violations of the law

  • The rights of involved parties

  • Maintaining a processing activity register

  • The possibility that clients may need to conduct a Data Protection Impact Assessment

  • Privacy by Design & Privacy by Default

  • Assigning a Data Protection Officer
