On 27 April 2016, the General Data Protection Regulation (GDPR) was signed by the European Parliament and the European Council. Basically, the law states that it should be clear to users what data companies, bodies and sites want to have about them, or have already saved. All companies offering services in the EU must comply with the rules, from Facebook and Google to the local football club and bank. According to Van den Berg, the law is mainly aimed at companies. "See the rules as the seat belts for the internet: they were not mandatory in the past, but that is now unthinkable."

The law into practice

The law makes many things on paper safer, easier and clearer for citizens. But will that also apply in practice? "Yes, in the field of data protection the law is an improvement," says Van den Berg. "Things will still go wrong, but the chance of mistakes at companies is smaller, partly due to the high sanctions." If a company violates the new law, the Dutch Data Protection Authority can impose a maximum fine of 20 million euros or 4 percent of the annual worldwide turnover, with the highest variant being applicable. Van den Berg does not expect that large companies will be fined quickly. "Large companies started their preparation for the law two years ago, companies will be prepared by now”.

Read here the full article (Dutch only).

• big data
• privacy
• privacy & identiteit