Several Dutch businesses have complained about companies which offer a so-called GDPR quality label (AVG in Dutch). They have received such offers both by email and phone.
In some cases, the ‘quality labels’ threaten to file a complaint with the Dutch Data Protection Authority (AP) if the company does not respond.
The quality label guarantees that businesses are in full compliance with the General Data Protection Regulation, new European privacy legislation which came into force at the end of May. In other words, they’re GDPR-proof. These claims are incorrect, says the AP, which emphasizes that it has not approved any quality marks relating to the new regulation.
The AP has another problem with this type of labels. They suggest that by purchasing such a seal of approval, companies are in permanent compliance with the privacy legislation. In reality, though, every company must keep an eye on possible changes to the way data are being processing. They also have to keep track of technological developments and what the implications are for the way they process data.
However, the Dutch Data Protection Authority has joined efforts to set up an accreditation system for certain companies. These organisations will receive a certificate that confirms that a product, process or service meets GDPR requirements.