Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

2021-04-12 AVG 2.jpgMonday 12 April 2021

On April 5th, the Financieele Dagblad published an article with contributions from CIO Platform Nederland about the issues business users face concerning compliance with the GDPR. The article did not remain unnoticed, but also contained a few inaccuracies. Please find below both amendments and a reference to the parliamentary questions asked and other publications in the media based on the article.

In the article (in Dutch) ‘Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet', the FD pays attention to the problems users of digital products and services encounter in complying with the GDPR. It demonstrates the imbalance in of liability and responsibility between suppliers and users. CIO Platform Nederland therefore calls on the legislator to ensure that software suppliers are only allowed to supply their products to the EU market if they themselves comply with the AVG requirements. On behalf of CIO Platform Nederland, the FD interviewed Ronald Verbeek (director) and Arthur Govaert (chairman).

Amendments
CIO Platform Nederland agrees with the general scope of the article and is convinced that the article illustrates important injustices. However, the printed version of the article was not entirely in line with our input and vision. The FD saw no possibility to publish our requested amendments. Therefore, please find our response below:

Reaction CIOPN
CIO Platform Nederland agrees with the thrust of the FD article "Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet" (In Dutch) of April 6th. The responsibility for the security and compliance with EU legislation of software and cloud services must be more evenly distributed between user and provider. 
The article states that the CIO’s are making an admission, this is not the case. Research by the Dutch central government shows that frequently used products/services of Microsoft and Google are not AVG compliant in some respects. Our conclusion is that it is virtually impossible for users to comply with the AVG as long as the software and cloud services they use do not comply.

Further on, it is suggested that the actions of care workers of Radboudumc are followed by Microsoft. This is incorrect. Measures were taken before the software was put into use at the UMCs. This did require negotiating power on the part of the central government, which most companies do not have.

Key Issues
According to the CIO Platform Nederland the article, in combination with the amendments, addresses the following key issues:

  • When a data leak occurs due to unsafe software, the software supplier should be held accountable for a substantially larger proportion than is currently the case, not the user.
  • The European government should ensure that software entering the European market complies with European laws and standards.
  • The lack of responsibility and accountability results in that, for example in the case of the General Data Protection Regulation, user organizations run the risks of i.a. fines, not the supplier of the software or Cloud service.    

Parliamentary questions and other media
In the days after the publication, the article generated a lot of attention. The story featured in different media such as BNR nieuwsradio and NPO Radio 1. Furthermore, member of parliament Kathmann (PvdA) submitted six parliamentary questions based on the article. These questions are largely in line with the points made by CIO Platform Nederland, with one important exception. The view attributed to CIO Platform Nederland and its director, namely 'that not the user of software, but the developer should be responsible for implementing AVG requirements' is not ours. As stated above, we believe that responsibility should be shared more fairly, whereby if the defect is in the software, then the developer of that software should be held responsible, not the user.

Lastly, in the near future we will try to give a good follow-up to the attention and results the article generated. We will continue to promote our collective views about GDPR compliance and the inequality in the software and Cloud market.

Read the follow up article on GDPR compliance challenges of April 18th in FD (in Dutch). European Data Protection Supervisor is  researching contracts with Microsoft regarding possible storage of personal data of European Commission staff in the US.

For questions and/or remarks send an email to info@cio-platform.nl.

« Back

More news

Arjen Boersma and Edward Cox join the board

2024-01-11 | Nieuwe BestuursledenThursday 28 March 2024 We would like to welcome Arjen Boersma, CIO ProRail and Edward Cox, CIO Louwman Group, to the board of CIO Platform Nederland. full story

Recap Online Lunchsession Approach and experience in implementing Copilot at SHVEnergy

2024-03-19   SHV Co-pilot op de werkplekThursday 21 March 2024 In an online lunchsession on Tuesday March 19th, noon-1pm, Paulo Rodrigues, CIO at SHVEnergy, presented the approach taken by his team in introducing Microsoft Copilot to (part of) their workforce by way of a pilot. full story

Umbrella organisations call for National Growth Fund to remain open

2024-03-12 Koepels roepen op tot openhouden nationaal GroeifondsFriday 08 March 2024 Together with VNO-NCW, FME, NLdigital and several other parties, CIO Platform Nederland sent an open letter to the Lower House last week calling for the National Growth Fund, and in particular the current 4th round, to remain open. full story

CIO-associations launch ‘A Perspective on tomorrow’s digital world’

2024-02-21  Manifesto A perspective on tomorrow's digital worldThursday 29 February 2024 Four CIO-associations launch their joint Manifesto ‘A Perspective on tomorrow’s digital world’ highlighting four priorities for European politicians to address in the coming years to reach the digital ambitions set over the last years and to ensure our strategic independence based on our values in the digital world. full story

View all news items through the archive

Close