Last year, all boa employers were required to have an external audit to assess their handling of personal data. Boa employers that were rated inadequate on one or more criteria must now re-audit those criteria. They have until March 1, 2024, to submit the results to the Personal Data Authority (AP).
Employers of boas with investigative duties must have an external audit of their handling of personal data conducted every 4 years. This is stated in the Police Data Act (Wpg). The AP uses these reports for effective supervision.
These are employers such as municipalities, transportation companies and nature managers. They are responsible for supervising the work of their boas.
Last year's reports showed that a significant portion of boa employers did not yet have their compliance with the Wpg in order. Organizations that were insufficiently compliant were required to take improvement measures. The deadline to have these items reassessed and send the report to the AP was Dec. 31, 2023.
The AP is extending this deadline to March 1, 2024. This is because the AP's Wpg report showed that internal processes can cause delays in sending. Boa employers will therefore be given an additional 2 months to provide the Wpg audit re-audit transcripts.
Please note that as a boa employer, you cannot deviate from this deadline on your own initiative.
Katja Mur, AP board member: "We want boa employers to have their affairs in order so that citizens can trust that their personal data is being handled carefully."
Audits are an important tool for internal oversight within an organization. By conducting the audit properly and on time, an organization ensures that personal data is processed properly.