The Dutch Data Protection Authority (DPA) has released six recommendations in relation to privacy policies for companies in the Netherlands.
Autoriteit Persoonsgegevens (the Dutch DPA) advises companies who are drafting and using privacy policies to:
- Speak with privacy specialists, including the company’s data protection officers and 3rd party experts, when designing and implementing privacy policies.
- Create specific and robust privacy policies which are in line with the basic principles of GDPR.
- Create and put in place privacy policies even if GDPR does not require them, as this will indicate that the company is making every attempt to secure protecting personal private data.
These recommendations arise from DPA’s reviews into existing privacy policies of firms working in the Netherlands. The DPA investigates firmss that process sensitive personal data, including health data and data related to individuals’ political beliefs. Alongside the guidelines, the Dutch DPA released a report (in Dutch) summarising the investigation’s outcomes.
- A description of the sort and varieties of personal data that is being dealt with.
- A description of the targets of the managing of the private data.
- Specific details regarding data subjects’ rights.
The Dutch DPA’s investigation found that the privacy policies’ descriptions of the types of personal data processed and processing aims were typically inadequate or incomplete. This lead to the Dutch DPA to establish the six recommendations above that it believes companies should take into account when creating privacy policies.
This comes soon after the annual report of the Dutch DPA showed that “at least 94% of people are worried about the security of their personal data. People are mainly worried about fraudulent use of their identity documents, reviewing of their online search behaviour and Wi-Fi tracking. In regard to these situations, people tend to feel that they don’t have
complete control over their personal data.”
Chair of the Dutch DPA, Aleid Wolfsen commented: “What it’s ultimately about is people having greater control over their personal data.”