Rules for working with data
Are you an entrepreneur working with data? Then you have a number of obligations, among other things concerning security and privacy. There are European rules and regulations for working with data.
Reusing or analysing data
Do you analyse data? Such as customer data for marketing purposes? What you can and cannot do depends among others on the type of data. Do you, for example, handle personal data relating to customers, staff, or other persons, such as name, address, and telephone numbers? Then privacy rules (GDPR) apply.
If it concerns, for example, sensitive data such as data concerning health, you must, among others:
- be transparent about what you do with the data
- have permission
- implement (technical) security measures
Check what you need to do to protect personal data.
Using data from smart devices or services
Do you offer smart devices that collect and send data? For example, wearable devices to measure bodily functions? If you are the manufacturer of the device or the developer of the service, you must comply with the rules of the Data Act.
Among other things you must make sure that users:
- get clear information on which data are collected and how
- get easy access to their data
- can share their data with others or have the data shared with others
Find out which requirements you must meet if you sell smart devices.
Data in cloud services
Do you offer cloud services? You must ensure your users:
- can easily switch to another cloud service provider
- can take their data with them
- can exchange their data with one another when they use different cloud services at the same time
- know in advance how they can switch to another provider (this information must also be clearly stated in the contract)
Learn more about the Data Act rules for cloud services (in Dutch).
Data on platforms for social media services (intermediate services)
Does your business offer online intermediate services such as an online platform, hosting company, or social media service? For example, a website or app where users can post video’s, images, or reviews? If so, you must keep to the rules of the Digital Services Act (DSA) that ensure a secure, reliable, and predictable online environment.
You must for instance, make sure that you:
- are easily accessible to users and the authorities
- prevent the circulation of illegal content
- have a complaints system in place
Sharing and offering data
Do you have a data intermediation service? A data intermediation service offers services that connect data holders and data users with the aim of sharing data. You must keep the Data Governance Act (DGA) to ensure greater trust in data sharing.
You must for example:
- register your data intermediate service with the Netherlands Authority for Consumers and Markets (ACM).
- ensure that the data you receive are not used for anything else than sharing it with the data user at the data holder’s request.