Netherlands Data Privacy Laws
The Netherlands implemented the EU Data Protection Directive 95/46/EC on in September 2001 with the Dutch Personal Data Protection Act (DPA). Enforcement is through the Dutch Data Protection Authority (College Bescherming Persoonsgegevens). The general data protection law is the Wet bescherming persoonsgegevens, while the DPA is the basis for secondary privacy legislation, most notably the Exemption Decree DPA (Vrijstellingsbesluit) which exempts the processing of a range of data categories from the obligation of advance notification.
The Dutch Data Protection Authority ensures that the law is enforced and monitors data controllers and processors who must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
Under Dutch law, it is permitted to process personal data in the cloud (although the general principles of the DPA apply), but there are restrictions on transfers of data to third countries. Transborder data flows may take place to specific countries where a standard set of conditions are satisfied. The Commission has found these whitelisted countries provide an adequate level of protection for personal data: Andorra, Argentina, part of Canada, the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and organizations in the US which have committed themselves to the “Safe Harbor”.
Satisfying Dutch Data Privacy Requirements via a Cloud Data Protection Platform
One solution organizations are increasingly utilizing to address stricter residency/sovereignty requirements is a Cloud Data Protection Gateway. These Gateways allow enterprises and government agencies to replace regulated or sensitive data with a token before it goes to the cloud. When using tokenization, sensitive data never leaves the organization’s control – making it particularly useful for enterprises operating in countries with strict data residency and sovereignty laws.
Data Privacy, Laws & Regulations
The Blue Coat Cloud Data Protection Gateway lets Dutch enterprises define their data protection policies to ensure that sensitive data is appropriately secured and protected in cloud applications. Authorized data security administrators can select, on a field-by-field basis, whether to allow a data going to the cloud to remain in clear text, to be encrypted, or to be replaced with a token. The data in the cloud is either tokenized or encrypted so it is meaningless when viewed in the cloud, and organizations can be confident that their sensitive data is within their full control at all times.