General Data Protection Regulation
The important aspects of the GDPR that apply to Perrit B.V., or will change when the GDPR enters into force.
Controller, processor & data subject.
The controller is responsible for the processing of the data and the consent of the data subjects. The processor is only responsible for processing the data on behalf of the controller. This will differ per customer or partner at Perrit. Not in all cases is Perrit the controller, but only the processor of the data. The data subject is the natural person that the data applies to.
Failure to comply with the enforcement, or not responding adequately enough to an incident can result in sanctions.
Strict permission is required from the data subject to process the data by the controller.
Notification of data breaches
The controller will report the data breach to the supervisory authority within 72 hours after having been notified of the infringement.
If the infringement involves a high risk for the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject.
Right of access by the data subject
The controller is obliged to provide information about the processed information of the data subject if this is requested by the data subject.
Right to erase
The controller is obliged to delete data of the data subject if this is requested by the data subject.
Right to data portability
The controller is obliged to provide data of the data subject if this is requested by the data subject, this must be done in such a way that the data subject can ask another data controller to take over the data.
Data Protection Officer
A DPO is not mandatory in all cases. The designation of a DPO is mandatory when a customer is a government agency, when systematic observation on a large scale of data subjects is required or when the processing of personal data is of a criminal convictions or offenses.