On 25 May 2018 the General Data Protection Regulation (“GDPR”) comes into effect. From that date the GDPR will have a direct effect on all EU Member States, and must be complied with. The current Dutch Personal Data Protection Act (“Wbp”) based on the Privacy Directive of 1995 (Directive 95/46/EC) will then cease to apply.

The GDPR radically alters the legal framework for the protection of personal data. It introduces new concepts, contains comprehensive new obligations for business, and strengthens the rights of data subjects (individuals whose data is being processed). Furthermore, the GDPR introduces hefty maximum fines of € 20 million or 4% of an organisation’s global turnover.

The GDPR has implications for virtually every company or organisation not only in the European Union, but also beyond its borders. Given strict regulations combined with high fines, it is prudent for companies to be aware of the content of the GDPR at an early stage, and to prepare themselves accordingly. We will show how our clients and business contacts can prepare for the GDPR as efficiently as possible in twelve steps. bureau Brandeis regularly assists parties with respect to the application of privacy legislation and has plenty of experience with the GDPR. Naturally, we will be happy to assist you with your preparations for the GDPR.