Date: 2021-05-12

The FD reports today that, three years after the introduction of the new European privacy legislation, the GDPR, most Dutch and European companies still do not comply with it. This conclusion can be drawn from statements made by CIOs of more than 130 large companies on the CIO Platform.

The CIOs point to the massive use of cloud services from Google, Amazon and Microsoft as one of the main reasons why they cannot yet comply with the GDPR. The lack of transparency displayed by these American companies, in part about what they do with customer data, makes it impossible for many Dutch (and European) companies to comply with the GDPR.

The CIO Platform therefore calls on (European) legislators to oblige American companies to comply with the GDPR requirements. If these companies do not do so, the supply of their products on the European market must be restricted, according to the CIOs.

Costs are passed on

At the moment, European companies themselves bear the costs of the efforts needed to ensure that the products supplied by the US suppliers comply with the GDPR. And in many cases they fail to do so. This also means that any fines imposed by supervisors such as the Dutch Data Protection Authority (AP) are borne by them. These fines can amount to 4 percent of the annual turnover.

Ronald Verbeek, director of the CIO Platform and CIO of the Radboudumc, asks in the FD why some of the fines are not imposed directly on the software suppliers concerned when it is clear that they are also partly responsible for European companies not being able to comply with the GDPR. According to Verbeek, there is a ‘weaving error’ in the GDPR. “We have to turn that around. Not the user, but the creator should ensure secure software. The legislator really needs to fix this,” said the CIO.