Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

AVG 2.jpgMonday 12 April 2021 17:32

On April 5th, the Financieele Dagblad published an article with contributions from CIO Platform Nederland about the issues business users face concerning compliance with the GDPR. The article did not remain unnoticed, but also contained a few inaccuracies. Please find below both amendments and a reference to the parliamentary questions asked and other publications in the media based on the article.

In the article (in Dutch) ‘Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet', the FD pays attention to the problems users of digital products and services encounter in complying with the GDPR. It demonstrates the imbalance in of liability and responsibility between suppliers and users. CIO Platform Nederland therefore calls on the legislator to ensure that software suppliers are only allowed to supply their products to the EU market if they themselves comply with the AVG requirements. On behalf of CIO Platform Nederland, the FD interviewed Ronald Verbeek (director) and Arthur Govaert (chairman).

Amendments
CIO Platform Nederland agrees with the general scope of the article and is convinced that the article illustrates important injustices. However, the printed version of the article was not entirely in line with our input and vision. The FD saw no possibility to publish our requested amendments. Therefore, please find our response below:

Reaction CIOPN
CIO Platform Nederland agrees with the thrust of the FD article "Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet" (In Dutch) of April 6th. The responsibility for the security and compliance with EU legislation of software and cloud services must be more evenly distributed between user and provider. 
The article states that the CIO’s are making an admission, this is not the case. Research by the Dutch central government shows that frequently used products/services of Microsoft and Google are not AVG compliant in some respects. Our conclusion is that it is virtually impossible for users to comply with the AVG as long as the software and cloud services they use do not comply.

Further on, it is suggested that the actions of care workers of Radboudumc are followed by Microsoft. This is incorrect. Measures were taken before the software was put into use at the UMCs. This did require negotiating power on the part of the central government, which most companies do not have.

Key Issues
According to the CIO Platform Nederland the article, in combination with the amendments, addresses the following key issues:

  • When a data leak occurs due to unsafe software, the software supplier should be held accountable for a substantially larger proportion than is currently the case, not the user.
  • The European government should ensure that software entering the European market complies with European laws and standards.
  • The lack of responsibility and accountability results in that, for example in the case of the General Data Protection Regulation, user organizations run the risks of i.a. fines, not the supplier of the software or Cloud service.    

Parliamentary questions and other media
In the days after the publication, the article generated a lot of attention. The story featured in different media such as BNR nieuwsradio and NPO Radio 1. Furthermore, member of parliament Kathmann (PvdA) submitted six parliamentary questions based on the article. These questions are largely in line with the points made by CIO Platform Nederland, with one important exception. The view attributed to CIO Platform Nederland and its director, namely 'that not the user of software, but the developer should be responsible for implementing AVG requirements' is not ours. As stated above, we believe that responsibility should be shared more fairly, whereby if the defect is in the software, then the developer of that software should be held responsible, not the user.

Lastly, in the near future we will try to give a good follow-up to the attention and results the article generated. We will continue to promote our collective views about GDPR compliance and the inequality in the software and Cloud market.

Read the follow up article on GDPR compliance challenges of April 18th in FD (in Dutch). European Data Protection Supervisor is  researching contracts with Microsoft regarding possible storage of personal data of European Commission staff in the US.

For questions and/or remarks send an email to info@cio-platform.nl.

Tags
CIO Platform Nederland
Vendor Relations

« Back

More news

Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

AVG 2.jpgMonday 12 April 2021 On April 5th, the Financieele Dagblad published an article with contributions from CIO Platform Nederland about the issues business users face concerning compliance with the GDPR. The article did not remain unnoticed, but also contained a few inaccuracies. Please find below both amendments and a reference to the parliamentary questions asked and other publications in the media based on the article. full story
Tags
CIO Platform Nederland
Vendor Relations

Advisory report NL Cyber Security Council advises an integrated approach to cyber resilience with management at the highest level

CSR Adviesrapport.jpgWednesday 07 April 2021 Yesterday, the demissionary Minister of Justice and Security presented the Cyber Security Council's CSR Advisory Report "Integrated approach to cyber resilience" to the House of Representatives. It contains concrete (strategic) measures to be taken in the short term to get our cyber resilience to the necessary level as quickly as possible, including the corresponding investments of € 833 million. CIO Platform Nederland, represented in the council by Claudia de Andrade - de Wit, is pleased with the publication and emphasizes the importance of the central approach full story
Tags
CIO Platform Nederland
Information Security

Inspiring Board webinar Data Rules!

21-03-02 Data Rules intro Sjoerd.pngThursday 18 March 2021 'Data Rules!' - our inspiration-webinar on value creation through data- specifically designed for the (non-) executive board members and CxOs of the member organizations of CIO Platform Nederland was a huge success! Expert speakers from Alliander, DPG Media, Pon, Royal Schiphol Group, PostNL, Picnic Technologies, Rijkswaterstaat and Radboudumc inspired the interactive audience on the importance, opportunities and impact of data. full story
Tags
CIO Platform Nederland
Digital Strategy

Digital security: "The chain is only as strong as its weakest link"

2021-03-08 Claudia risicoklassenindelingtool.pngMonday 08 March 2021 "With more than 4,000 parties working closely together in the logistics chain, it is becoming increasingly important to be incredibly well aligned. Not only on a physical level, but also on a digital level. Investing in cyber security is therefore necessary in order to be a reliable partner in this logistics chain." Was said by Claudia de Andrade de Wit, Director Digital & IT at the Port of Rotterdam and chair CC Information Security at CIO Platform Nederland. full story
Tags
CIO Platform Nederland
Information Security

View all news items through the archive

Close