KPMG: THREE TIPS TO MAKE THE AVG WORK FOR YOU

For those who know the privacy rules well, the AVG offers many opportunities. Only last month, the Dutch Data Protection Authority (AP) reported that it had already received 10,000 privacy complaints in six months' time. That means that, as a company, you can stand out positively when your privacy practices are in good order. After all, customers really care.

The General Data Protection Regulation (AVG), the new European privacy law, caused quite a stir last year. As a result, consumers have become very aware of their privacy. Now, at the beginning of 2019, privacy has become an important pillar of your reputation.

REPUTATION GAIN

And your reputation is valuable. It is why your customers come to you and why they come back. Moreover, more and more companies are working in a shorter chain, closer to the consumer, like the commercial bank that also offers an investment service for private individuals. That means more personal data, with more sensitivities.

Nevertheless, we see that many organisations are waiting, especially because the Dutch Data Protection Authority (AP) took a lenient stance last year. However, we expect the AP to exercise its enforcement powers more vigorously this year. Reason enough to pay more attention to privacy. Our three tips:

TIP 1: START WITH A GOOD DATA REGISTER, IT PAYS FOR ITSELF

Of the 10,000 reported complaints about breaches of privacy, more than a third (!) concerned the right of access that was not granted or could not be granted. Last spring, 60% of the consumers surveyed indicated that they wanted to exercise this right of access. Because this right is so popular, it pays to have the data in your company in order. That means having a good data register – in legal language: a ‘processing register’. In this register you can see which data you hold, for how long they may be kept and for what purpose, and who within your organisation is responsible for them.

With an up-to-date register you can show that you take the privacy of your people and your customers seriously. And if your customers request their data – and that could just be 50% of your customers, if your customer base reflects the average in the Netherlands – you can provide it immediately. This way, you can avoid a complaint to the AP. And that’s good news.

TIP 2: KNOW YOUR ROOM FOR MANOEUVRE: MORE IS POSSIBLE THAN YOU THINK

But there is more to be gained from knowing the rules of the game. With all the attention for the AVG, there are also companies that go too far in their measures and, for example, hardly dare to send direct mail anymore, while, legally speaking, there is sufficient room for manoeuvre, especially when it comes to existing customers. And when customers trust their company, almost 60% are prepared to share their data without further ado.

With a good impact and risk analysis, you know what you need to do and where you can invest less: where the risks of privacy violations are high and where they are small(er). Maybe your employees don’t have any sensitive personal data on their smartphones, for example. That saves a large security investment. Moreover, this analysis allows you to demonstrate to the AP the basis for your privacy policy.

TIP 3: EMBED IT PROPERLY IN ‘BUSINESS AS USUAL’

With a good data register, you create an overview. But then the real work begins. Are you developing a new product, focusing on a different group of customers, or deciding to introduce a different revenue model? Then it may well affect the privacy of your customers or employees. Make sure you have ‘privacy by design’: privacy that is ingrained in every process. And make sure you have a well-designed risk and compliance circle. The further your organisation grows, the more mature you become and the more important such an R&C circle becomes.

HOW KPMG HELPS

With Privacy-as-a-service we offer you – together with our partner CompLions-GRC – a complete approach: a combination of our expertise and the CompLions-GRC smart compliance tool. We know business processes and risks through and through, are able to translate privacy frameworks to your company, and use a pragmatic, hands-on approach. In addition, we support you with specific services, such as an independent remote Data Privacy Officer (DPO). With a range of specialisms related to privacy, both in the Netherlands and in Europe, you can be sure that you can continue to grow with peace of mind.

Chantal Rademaker de Ridder

Partner Cyber Security

KPMG Netherlands
