The Ministry of Justice and Security has published a manual that explains the main provisions of the Regulation and the Dutch General Data Protection Regulation Implementation Act.
Click here for the General Data Protection Regulation (AVG) manual.
May 25, 2018, the General Data Protection Regulation ("Regulation" or "AVG") is directly applicable in all European Union member states. The Regulation is the successor to the Personal Data Protection Act in the Netherlands. The purpose of the Regulation is to safeguard two interests: the protection of natural persons in connection with the processing of their data and the free movement of personal data within the European Union ("EU"). This manual explains the main provisions of the Regulation and Dutch General Data Protection Regulation Implementation Act (the 'Implementation Act' or 'UAVG'). The manual replaces the Wbp Manual. The manual was compiled by legal consultancy Considerati under the auspices of the Ministry of Justice and Security. An external sounding board group was consulted in the preparation of the manual. An overview of represented organizations and subject matter experts is included in section 10.2. This manual is aimed at anyone who wants to learn more about the Regulation and the Implementing Act, but is primarily addressed to "data controllers," that is, those who intend to process personal data for a specific purpose. In particular, this guide is intended for readers who already have some knowledge of data protection law and are looking for further in-depth information in order to implement within their organizations the measures required by the Regulation. Primary target groups are thus (novice) data protection officers, privacy officers, corporate lawyers, compliance managers, risk managers and security officers. When reading this guide, it is good to keep the following two issues in mind. First, the issue of applicable law (see Chapter 3). The Regulation has direct effect throughout the European Union, harmonizing the rules for the protection of personal data. But, on specific points, the Regulation gives member states room to give further interpretation to the provisions. This interpretation takes place via so-called implementing laws. This guide is written from the perspective of the Dutch Implementation Act. Please note that depending on your specific situation, not the Dutch implementing legislation, but another implementing legislation may apply to your data processing operations. Its content may differ from what is described in this manual. Second, the issue of interpretation of the Regulation. The Regulation is a voluminous piece of legislation with only a limited written explanation. Therefore, on many points it is (still) unclear what the exact interpretation of terms and provisions should be. Because the Regulation is a European law, the further interpretation of which is up to the regulator(s) and the European courts, this manual only anticipates the interpretation of concepts that are as yet unclear to a limited extent. Where, in particular, there is ambiguity about the interpretation of terms, this is explicitly mentioned. Where useful, the manual refers to the General Data Protection Regulation Implementation Act. It should be noted that the bill is still in the stage of parliamentary consideration and may change. A subsequent version of the manual will pay more extensive attention to the Implementation Act. In light of the above, the electronic version of this manual will be periodically revised to reflect the latest developments in the application and interpretation of the Regulation. You can find the latest version of this manual at:rijksoverheid The Hague, January 8, 2018 Ministry of Justice and Security
Click here to read the entire General Data Protection Regulation (AVG) Manual.
