Privacy law AVG (GDPR) - May 25, 2018

In May 2016, the General Data Protection Regulation (GDPR) was announced. In Dutch, this law is called the General Data Protection Regulation (AVG). All organizations that process personal data were then given two years to comply with this new regulation. On 25 May 2018, the time has come and the General Data Protection Regulation (AVG) will enter into force. It replaces the Personal Data Protection Act (WBp). But what does the AVG mean for you as a customer of MijnHostingPartner.nl, and what are the possible consequences for your customers and visitors?

Several customers have approached us to enter into a separate processing agreement, but as you can imagine, with a large number of customers this is not a feasible option. On the advice of specialists in the field, we have chosen to add an appendix to our general terms and conditions in which we have laid down clear agreements on this subject. When you purchase your product, you agree to our general terms and conditions. By doing so you give your permission and that is sufficient as a processor agreement.

When do you process personal data?

You are already processing personal data as soon as you ask someone to leave their email address. On most websites there is even a much more extensive contact form. So if you ask visitors to your website via such a contact form to leave their email address or more (phone number and the like), then you are also processing personal data. In that case you must certainly comply with the AVG. (The use of cookies and statistics via Google Analytics also falls under personal data).

What data do you really need?

Some forms on websites are very extensive. If you also have such an extensive form on your website, then it is good to ask yourself whether you really need all the personal data you ask for. With the arrival of the AVG you cannot collect more information than is strictly necessary for the purpose for which you need it.

Who are the data subject, responsible party and processor?

Data subject

This is a private person whose data is being collected, by which this person can be identified directly or indirectly.

Processor

This is the party who collects/needs the data. If you have a website at MijnHostingPartner.nl with a form on it, as mentioned in our example, then you are the data controller. Because you do not host your own website, but have outsourced this to us, the AVG requires you to enter into a processing agreement with us. This applies not only to the agreement with MijnHostingPartner.nl, but all parties to whom you provide personal data.

Processor

MijnHostingPartner.nl is in this article a (sub)processor. After all, we host websites for many different customers, some of which presumably also process personal data.

If you, as a customer, build websites for other parties, you too have the role of processor, with MijnHostingPartner.nl acting as sub-processor. In that case your client has a processor agreement with you and you in turn with us. The MijnHostingPartner.nl processor agreement is an integral part of our terms and conditions as of May 25, 2018.

What is in the Processors Agreement?

A processor agreement must contain at least a number of items. For example, there are formulations about purposes of processing, obligations of processor, transfer of personal data, division of responsibilities, use of third parties or subcontractors, security, duty to report, handling of requests from data subjects, secrecy and confidentiality, audit, duration and termination and a number of other provisions.

If you have any more questions following this article, you can always create a ticket via the customer panel.