Cooler Media

What is the GDPR?


Rules, rules and more rules … We Europeans all have to comply with them since 25 May 2018. The GDPR (AVG in Dutch) keeps many Marketers and Jurists awake, even if it’s just the paper trade. So check everything you need to know in our AnyStory about the GDPR.

Let’s create an unique GDPR explainer video for your organization

The script

Your email address, health statement or salary details are personal data that you would rather keep to yourself. But sometimes you have to share this information, for example to open a bank account or apply for a mortgage.

The General Data Protection Regulation the GDPR, was put in place to ensure that you maintain control of your privacy. With this regulation, the European Union wants to centralise policy, provide better protection for its citizens and stimulate more innovation concerning personal data.

The GDPR succeeds the 1995 European Data Protection Directive. This legislation is outdated as it does not take enough account of modern developments such as Social Media, Cloud Storage or Cyber Crime.

The GDPR is focused on broader protection for EU citizens. Organisations must now inform their customers proactively and on request about how their personal data is collected and processed. It must be possible to transfer the data easily to another service provider  or to delete the data in its entirety if the privacy of the person in question outweighs the interests of the user. Even where the data is shared with third parties. Also, in most cases it is mandatory to report a data leak within 72 hours. This has been the case in the Netherlands since 2016.

Organisations that use personal data on a large scale, and with special risks, are required to have a Data Protection Officer. The primary task of the Officer is to safeguard the privacy of prospects, customers and employees. For example by coordinating and updating processing records. And by encouraging transparency concerning data use.

A first step toward preventing damage, loss or violation of personal data is to have good technical and organisational security. For example making regular back-ups and using encryption to prevent access by others or to limit such access. If despite this a leak does occur, it must be identified and reported quickly. This limits and prevents damage to the person(s) involved, and loss of reputation and fines for the organisations in question which can amount to 4% of the total turnover.

The priority is to minimize data storage. Organisations may only use personal data for a specific, previously defined purpose, and solely undertaken under one of the six legal grounds for processing. If this is not the case and the retention period has expired, the personal details must be removed immediately.

If an agreement is being terminated, the service provider must remove the data at the end of the retention period and demonstrate that this has taken place by keeping records which can be examined on demand.

Sharing personal data is associated with a certain greater or smaller degree of risk. Our tip: be aware of what data you are sharing, why and with whom.

Our AnyStory knowlegde partners

Cooler Media 2023 - Nick (klein)

Nick Bökkerink
Explanation Director

Do you want to make the world less complex together?

Do you want to contribute to the next AnyStory as a partner? Share your idea with us.