Netherlands' DPA issues new data security guidelines

The Dutch Data Protection Authority (DPA) published, on 19 February, new guidelines on the security of data processing.

The new guidelines contain instructions on how to implement the security principles in practice, reports law firm Bird & Bird. Suggested possible security measures include access control, logging, incident response management, confidentiality agreements and encryption.

The new guidelines do not contain a methodology to decide on the sensitivity of the data being processed. As a result, no clear link can be made between the sensitivity of the data processing and the possible security measures. In that respect, the guidelines do not provide too much guidance on the measures to be implemented in specific situations, say Bird & Bird lawyers.

The Netherlands may soon adopt a Bill on data security breaches which would oblige organisations to notify breaches, and would carry a maximum fine of 200,000 Euros.

The security guidelines are available (in Dutch).