As of March, the ‘Autoriteit Persoonsgegevens’ (AP), the Dutch Data Protection Authority, will no longer supervise the municipality of Eindhoven. According to the AP, the municipality has made more work of privacy and data protection.
The intensified supervision of the AP began on March 1, 2023. The reason was a series of worrying signals about the way in which the municipality of Eindhoven handled personal data and privacy of people. These included instances where the municipality did not report data leaks at all or not on time. The data of people in Eindhoven were structurally stored for too long. The municipality also collected and used personal data at the time without first analysing the privacy risks, while this is mandatory.
Steps
The AP notes that the municipality has since made progress in various areas. For example, there is now a protocol for dealing with data leaks. In addition, the role and position of the data protection officer (FG) has been formally established and elaborated. The FG is the internal privacy supervisor who must be able to operate independently and must also be able to sound the alarm without being asked. The municipality is also drawing up a new privacy policy.
“As a resident, you should be able to trust that your municipality will handle your personal data properly, also because you depend on the municipality for all kinds of practical matters in your life,” says AP vice-chair Monique Verdier. “That was initially not arranged well enough. It is good to see that the Eindhoven board of mayor and alderpersons has now taken up the challenge and has implemented verifiable improvements.”
Terms and Conditions
The termination of the intensified supervision is subject to a number of conditions. For example, the new privacy policy must still be formally established. In addition, there will be an evaluation meeting with the AP no later than six months after the end of the intensified supervision period.
Source: www.studio040.nl
Translated by Yawar Abbas
