AVG! What is changing?

What will change in the privacy rules with the introduction of the new privacy law?

From 25 May 2018, the General Data Protection Regulation (AVG) will apply. This new privacy law then replaces the current Personal Data Protection Act.

The privacy rules remain basically the same, but a number of new obligations are added. There will also be higher fines for breaching the obligations, up to 20 million euros or 4% of worldwide turnover.

What are the new obligations that the AVG entails?

The 10 most important changes to the privacy rules with the introduction of the AVG are:

  1. More detailed requirements for what should be included as a minimum in the processor agreement (referred to in the AVG, processor agreement).
  2. Specific rules when it comes to using children’s personal data.
  3. Obligation to keep an overview of the different flows of personal data that an organization uses.
  4. More extensive requirements for requesting permission to use personal data.
  5. Stricter rules for taking solely automated individual decisions, including profiling. Only automated individual decisions are taken if a computer or algorithm makes a certain decision about a person based on input of certain data, without involving a person.
  6. The obligation to perform a Privacy Impact Assessment (PIA) in some situations. A PIA is a risk analysis of the processing of personal data.
  7. The obligation for some organizations to appoint a Data Protection Officer (FG). An FG is a person who supervises compliance with privacy legislation within an organization.
  8. The new right to data portability or data transfer. This new right means that the persons whose personal data are processed are entitled to receive that data in a standard format under certain conditions.
  9. The obligation, where applicable, to take appropriate technical and organizational measures to apply privacy by design and privacy by default to the flows of personal data.
  10. More detailed requirements for the privacy statement.
What are the fines for violation of the AVG?

This AVG Fines Table contains an overview of the fines for violations of the privacy rules from 25 May, when the AVG will apply. The Fine table states the maximum fines that can be imposed in the event of a violation. The amount of the fine will ultimately depend on various circumstances such as the seriousness of the violation, the degree of guilt and any previous violations.

Leave a Reply