The UvA has launched a project group to prepare the university for the transition to the General Data Protection Regulation (GDPR). The project group, managed by Dominique Campman, will ensure the UvA achieves the maximum possible level of compliance with the GDPR as soon as it enters into force on 25 May.
Within the UvA, numerous activities are already being carried out in relation to (aspects of) the new GDPR which replaces the current Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens, Wbp). The GDPR specifies regulations for the protection of individuals in connection with the processing of their personal data and applies several basic principles such as lawfulness, care, transparency, confidentiality, integrity and data minimisation. The same principles are also found in the Wbp and are therefore already applicable law, but the GDPR imposes more stringent requirements on their implementation and asks organisations for greater documentation and justification in this area.
In order to ensure the UvA has reached the maximum possible level of demonstrable compliance with the GDPR by the end of May 2018, the project group will coordinate the current activities on a centralised basis. Within the project, a distinction is made between the short-term preparations for the introduction of the GDPR (such as setting up processes which relate to the rights of staff and students and communication regarding the practical consequences of the GDPR) and activities with a longer timeframe, such as implementing a register of personal data processing operations and establishing policies which relate to storage periods.
By the end of May 2018, the UvA wishes to be as demonstrably compliant with the GDPR as possible. However, ensuring compliance with the GDPR in the longer term will take several years and will be an ongoing activity.
Questions about the project? Contact Dominique Campman: firstname.lastname@example.org.