General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Whenever you work with personal data, you have to record what happens to this data. The university will support you in working in a privacy-proof way.
From 25 May 2018, all European organisations must comply with a new law: the GDPR. The GDPR’s Dutch name is the Algemene Verordening Gegevensbescherming (AVG).
Personal data
The core concept of the new law is “personal data”. Whenever you work with personal data, you must be able to explain clearly, fully and in simple terms what happens to the data within an organisation, and how it is processed. You must record this in the data processing register.
Working under the GDPR
The following pages contain more information about:
- What you should do if unauthorised people gain access to data.
- How to tell if you are processing information with a high level of risk to privacy.
- A straightforward way to obtain valid informed consent.
- When you need a data processing agreement.
- Whether you should record personal data in the data processing register.
More responsibility for the organisation
The GDPR gives the university more responsibility. The university must put in place technical and organisational measures that make it possible for people to work securely.
More responsibility for employees
We are all responsible for protecting people’s privacy. It’s your responsibility to process personal data as conscientiously as possible. Find out what steps you can take to reduce risks to privacy.