Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

AVG 2.jpgmaandag 12 april 2021

On April 5th, the Financieele Dagblad published an article with contributions from CIO Platform Nederland about the issues business users face concerning compliance with the GDPR. The article did not remain unnoticed, but also contained a few inaccuracies. Please find below both amendments and a reference to the parliamentary questions asked and other publications in the media based on the article.

In the article (in Dutch) ‘Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet', the FD pays attention to the problems users of digital products and services encounter in complying with the GDPR. It demonstrates the imbalance in of liability and responsibility between suppliers and users. CIO Platform Nederland therefore calls on the legislator to ensure that software suppliers are only allowed to supply their products to the EU market if they themselves comply with the AVG requirements. On behalf of CIO Platform Nederland, the FD interviewed Ronald Verbeek (director) and Arthur Govaert (chairman).

CIO Platform Nederland agrees with the general scope of the article and is convinced that the article illustrates important injustices. However, the printed version of the article was not entirely in line with our input and vision. The FD saw no possibility to publish our requested amendments. Therefore, please find our response below:

Reaction CIOPN
CIO Platform Nederland agrees with the thrust of the FD article "Meerderheid Nederlandse bedrijven voldoet na drie jaar nog niet aan privacywet" (In Dutch) of April 6th. The responsibility for the security and compliance with EU legislation of software and cloud services must be more evenly distributed between user and provider. 
The article states that the CIO’s are making an admission, this is not the case. Research by the Dutch central government shows that frequently used products/services of Microsoft and Google are not AVG compliant in some respects. Our conclusion is that it is virtually impossible for users to comply with the AVG as long as the software and cloud services they use do not comply.

Further on, it is suggested that the actions of care workers of Radboudumc are followed by Microsoft. This is incorrect. Measures were taken before the software was put into use at the UMCs. This did require negotiating power on the part of the central government, which most companies do not have.

Key Issues
According to the CIO Platform Nederland the article, in combination with the amendments, addresses the following key issues:

  • When a data leak occurs due to unsafe software, the software supplier should be held accountable for a substantially larger proportion than is currently the case, not the user.
  • The European government should ensure that software entering the European market complies with European laws and standards.
  • The lack of responsibility and accountability results in that, for example in the case of the General Data Protection Regulation, user organizations run the risks of i.a. fines, not the supplier of the software or Cloud service.    

Parliamentary questions and other media
In the days after the publication, the article generated a lot of attention. The story featured in different media such as BNR nieuwsradio and NPO Radio 1. Furthermore, member of parliament Kathmann (PvdA) submitted six parliamentary questions based on the article. These questions are largely in line with the points made by CIO Platform Nederland, with one important exception. The view attributed to CIO Platform Nederland and its director, namely 'that not the user of software, but the developer should be responsible for implementing AVG requirements' is not ours. As stated above, we believe that responsibility should be shared more fairly, whereby if the defect is in the software, then the developer of that software should be held responsible, not the user.

Lastly, in the near future we will try to give a good follow-up to the attention and results the article generated. We will continue to promote our collective views about GDPR compliance and the inequality in the software and Cloud market.

Read the follow up article on GDPR compliance challenges of April 18th in FD (in Dutch). European Data Protection Supervisor is  researching contracts with Microsoft regarding possible storage of personal data of European Commission staff in the US.

For questions and/or remarks send an email to

« Back

Female IT leadership @Havenbedrijf Rotterdam

2021-10-28 IT Female Leader Network.Port of Rotterdam.png26 november 2021 Vorige maand ontmoetten zo'n 20 vrouwelijke IT-leiders elkaar in het prachtige gebouw van Havenbedrijf Rotterdam, gehost door Claudia de Andrade – de Wit, CIO Havenbedrijf Rotterdam, bestuurslid CIO Platform Nederland en mede-initiatiefnemer van deze netwerkgroep. lees verder

CIOPN heeft vier aanbevelingen voor informateurs bij opstellen regeerakkoord op hoofdlijnen

Brief18 oktober 2021 CIO Platform Nederland wijst via een brief de informateurs op de belangen en vraagstukken van de zakelijke gebruiker. lees verder

Oproep CIO-verenigingen: Microsoft doe meer voor duurzaamheid en cybersecurity!

2021-10-08 Nieuwsbericht Persbericht oproep duurzaamheid aan Microsoft.png08 oktober 2021 Op 8 oktober 2021 hebben CIO Platform Nederland, Beltug, Cigref en Voice een gezamenlijk persbericht uitgebracht. Hierin roepen wij Microsoft op de onnodige milieu-schade die haar commerciële beleid oplevert aan te pakken en meer verantwoordelijkheid te nemen voor veilige producten, zodat zakelijke gebruikers niet langer hoeven op te draaien voor de enorme kosten die haar onveilige producten opleveren. Microsoft staat hierin overigens niet alleen, maar heeft als marktleider wel een bijzondere verantwoordelijkheid. lees verder

Jaardag 2021: the digital heart of society

2021-09-15 Jaardag Event-omslag.png15 september 2021 Hét hoofdthema van de Jaardag 2021, waarvoor op 15 september ruim 90 van onze leden naar de Mauritskazerne zijn afgereisd, was 'The digital heart of society'. Het programma, onder leiding van Arthur Govaert en Ronald Verbeek, heeft letterlijk én figuurlijk het digitale hart van de deelnemers gevoed. lees verder

Bekijk alle nieuwsberichten via het archief