GroenLinks and PvdA are sounding the alarm about Eindhoven’s alleged delay in processing sensitive personal data of its residents.
Report from data protection officer
The political questions of the two parties arise from the annual report. This report was provided by the data protection officer. This officer is responsible for supervising the municipality’s handling of sensitive personal information of the residents. The report shows there is a serious backlog.
High privacy risk
‘Data protection impact assessment’, (DPIA), is carried out in the event of a ‘high privacy risk’. Based on this assessment, measures can be taken to reduce the risk of sensitive data falling into the hands of the wrong people or institutions.
Backlog
Currently, there are 59 DPIAs in progress at the municipality. Another 41 have yet to be started. The councillors want to know whether the municipality is aware of the problem of the large workload. They would like to know if immediate action can be taken.
Having the DPIAs in order is one of the necessities to comply with the AVG privacy law. But, also in other areas of personal data protection the municipality is behind the times, according to the councillors.
Measurable goals
In reaction to the report of the Data Protection Officer, no measurable objective was mentioned by the municipality, “such as a date by which the AVG must be complied with at the latest”. PvdA and GroenLinks propose that in a year’s time 100 per cent compliance with the privacy law should be achieved.
It is not the first time that Eindhoven municipality faces criticism for its handling of its digital housekeeping. At the end of 2021, the Court of Audit cracked down on the municipality’s digital information security.
Source: Studio040
Translated by : Anitha Sevugan
