Urgent letter from CIO Platform Nederland to the DPAs to test software together

Tuesday 24 September 2019 08:30

Today CIO Platform Nederland has sent a letter to the board of Autoriteit Persoonsgegevens (AP), the Dutch Data Protection Authority (DPA). In it we call on AP to set up a program together with the other European DPAs that should lead to better compliance of commonly used software products, services and the associated conditions with the General Data Protection Regulation (GDPR).

The reason for this is the case* of Strategisch Leveranciersmanagement Rijk (Strategic Vendor Management for the central government – SLM Rijk) with regard to Microsoft, about which information has regularly been shared. This case shows that the time and costs involved in getting just a handful of Microsoft products, services and agreements to comply with GDPR are huge. When that experience is extended to all vendors, their products, services and agreements, and to all customers (who are often held responsible by GDPR), it becomes unaffordable and next to impossible to be compliant with GDPR.

In the interests of users, vendors, DPAs and the individuals whose data are processed, it is desirable that testing and adaptations are done only once and done right for the whole of Europe. That requires joint action by the DPAs united in the European Data Protection Board.

*See also: Tweede Kamer (Dutch Parliament), 2018-2019, 26 643, nrs. 585 and 622. See also: https://www.rijksoverheid.nl/documenten/publicaties/2018/11/12/strategisch-leveranciersmanagement-microsoft-rijk-slm-microsoft

