Privacy law GDPR (AVG) for beginners
- Astrid Feitsma
- 12 February 2025
- Edited 4 March 2025
If you work with personal data, the European General Data Protection Regulation (GDPR) applies. Read what you need to consider if you have data of, for example, customers, employees, or suppliers.
Your business or organisation must comply with EU privacy legislation. How you should handle personal data of, for example, your customers, suppliers, and employees is set out in the GDPR, known in Dutch as the Algemene verordening gegevensbescherming (AVG). But what exactly is personal data?
Personal data
Personal data is information you can link to a natural person. For example, a first and last name, address, telephone number, and passport photograph. It also includes customer and personnel numbers, internet purchasing behaviour, trade union membership, religion, medical information, and video and sound recordings on which a person can be recognised.
A business or organisation is not a natural person, so the AVG does not usually apply to those. But information about a business or legal entity may say something about a natural person. For example, data from a small business can be linked to the owner. In that case, the AVG does apply to data of a business or organisation.
Retaining personal data
Your business or organisation will usually have to deal with personal data. For example, by keeping track of customer appointments and contact details. Or if you receive an online order. You may then only use the name and address details for that order and must store the data securely.
Also, you must not keep that data longer than necessary. If a newsletter subscriber unsubscribes, for example, you must delete their email address and other personal data.
The AVG includes rules ranging from storing customer information in a database, to sharing data with external parties. And it is not just about digital data; physical documents containing personal information are also covered by the law.
Privacy rules for all businesses and organisations
The AVG applies to businesses of all sizes, from sole traders and small businesses to large organisations processing personal data. It also applies to, for example, governments, schools, associations, and foundations. The law applies to all countries in the European Union.
Differences in AVG measures
Not every business or organisation has to take the same AVG measures. It depends on its size, among other things. It also depends on the type of work and services you provide. Read what your business or organisation must do to comply with the AVG.
Even if you only keep customer names and email addresses in an Excel sheet, you are obliged to comply with the rules. The same holds if you work with third parties, such as an accountant. You are responsible for what happens to your bookkeeper's personal data.
The AVG helps you handle personal data openly and professionally. This is not only required by law, but also helps you build a good reputation. By following the rules, you avoid fines and give customers the confidence that their data is in safe hands with you.