SGOA has formed a specialist Privacy & Security Department ('Privacy & Security Kamer'), which will be responsible for dealing with, resolving and settling disputes and conflicts to do with the protection of personal data and information security. This initiative has been prompted by the introduction of the General Data Protection Regulation (GDPR) and the increasing importance of ICT security.
Thanks to the GDPR, the European privacy rules which businesses and organizations must comply with from 25 May 2018, the privacy of citizens in Europe is attracting a great deal of attention at present. The GDPR affects all of society, from large companies to small and medium-sized enterprises. ICT companies too, such as software suppliers, Cloud providers, hosting companies and other ICT service providers, in view of the interest their clients have in ensuring that personal data is properly protected, are giving their full attention to the GDPR. The GDPR also extends to private and public organizations.
In order to strengthen the protection of personal data, the GDPR is introducing a large number of new obligations and sanctions, also in the area of ICT security. The obligations concerning information security have been considerably strengthened in a number of ways, such as the introduction of new rules on ‘privacy by design’ (the conversion of the principles of the GDPR into software code) and ‘privacy by default’ (the technical set-up of privacy). The threat of astronomical fines if privacy and security obligations are breached is also focusing the mind.
In the ICT sector, the GDPR is also making its presence felt in new, usually much more stringent requirements in ICT contracts, requests for tenders and tender documents. This can be seen, for example, in processor agreements and other contracts that are designed to ensure that personal data is dealt with carefully. These contracts deal with difficult and wide-ranging matters, as the issue of privacy and security has now grown to become a specialist discipline.
Failure to comply with statutory rules and contractual provisions concerning privacy and security can lead to complex conflicts and disputes. Since its formation in 1989, SGOA has already been involved many times in disputes on privacy and security. SGOA can call on experts with many years of extensive practical experience in privacy and security matters. A significant advantage of having SGOA deal with disputes in this area is the total confidentiality and secrecy that is guaranteed under the SGOA regulations. Unlike the situation with the regular courts, privacy and security disputes dealt with by SGOA are never exposed to the general public.
With its Privacy & Security Department, SGOA is fulfilling its social responsibility to play, even more clearly than before, a professional, independent and impartial role in dealing with disputes and conflicts. A dispute or conflict can be submitted to the Privacy & Security Department on the basis of existing SGOA rules. The associates of SGOA who form the Privacy & Security Department all have extensive and in-depth experience in this area.
Privacy and security disputes come in all shapes and sizes. Among the issues dealt with by the Privacy & Security Department are:
Specific, customized arrangements can be made to deal with disputes between businesses and organizations on the one hand, and citizens whose data are processed on the other hand.
Disputes and conflicts can be dealt with within the Privacy & Security Department according to the existing SGOA rules for arbitration, ICT mediation, binding third-party rulings, Rapid Conflict Resolution and expert reports. More information on the composition and working methods of the Privacy & Security Department can be obtained from the SGOA office.