Eindrapport evaluatie-wetbeschermingpersoonsgegevens

download Eindrapport evaluatie-wetbeschermingpersoonsgegevens

of 190

  • date post

    16-May-2015
  • Category

    Technology

  • view

    2.651
  • download

    6

Embed Size (px)

Transcript of Eindrapport evaluatie-wetbeschermingpersoonsgegevens

  • 1. De Jong Beleidsadvies Pro FactoJURIDISCH EN BESTUURSKUNDIG ONDERZOEK EN ADVIESWat niet weet, wat niet deertEen evaluatieonderzoek naar de werking van de Wet beschermingpersoonsgegevens in de praktijkH.B. WinterP.O. de JongA. SibmaF.W. VisserM. HerweijerA.M. KlingenbergH. Prakken

2. 2008 WODC, ministerie van Justitie. Auteursrechten voorbehouden.Dit rapport is uitgebracht in opdracht van het Wetenschappelijk Onderzoek- enDocumentatiecentrum (WODC) te Den Haag.2 3. InhoudVoorwoord ...............................................................................................................................7Samenvatting ..............................................................................................................................9Hoofdstuk 1 Inleiding, vraagstelling en onderzoeksaanpak.....................................................13 1.1 Wet bescherming persoonsgegevens ........................................................................13 1.2 Onderzoekskader ......................................................................................................13 1.2.1 Evaluatie in twee fasen .........................................................................................13 1.2.2 Veiligheid en privacy............................................................................................14 1.2.3 Administratieve lastendruk...................................................................................14 1.3 Probleemstelling en deelvragen................................................................................15 1.3.1 Normeren ..............................................................................................................15 1.3.2 Informeren ............................................................................................................17 1.3.3 Toezicht en rechtsbescherming ............................................................................19 1.4 Onderzoeksaanpak....................................................................................................20 1.4.1 Desk- en literatuuronderzoek................................................................................20 1.4.2 Orinterende interviewronde ................................................................................20 1.4.3 Enquteonderzoek ................................................................................................21 1.4.4 Interviews burgers ................................................................................................22 1.4.5 Casestudyonderzoek .............................................................................................22 1.5 Interviewronde..........................................................................................................23 1.6 Leeswijzer.................................................................................................................23Hoofdstuk 2 De Wet bescherming persoonsgegevens .............................................................25 2.1 Inleiding....................................................................................................................25 2.2 Totstandkoming van de Wet bescherming persoonsgegevens .................................25 2.3 Privacyrichtlijn .........................................................................................................27 2.4 De wet in hoofdlijnen ...............................................................................................27 2.4.1 Algemene karakterisering.....................................................................................27 2.4.2 Belangrijkste begrippen ........................................................................................28 2.4.3 Wijzigingen ten opzichte van de Wpr ..................................................................28 2.4.4 Het Cbp.................................................................................................................30 2.4.5 De Functionaris voor de Gegevensbescherming ..................................................31 2.4.6 Voorwaarden rechtmatige verwerking .................................................................32Hoofdstuk 3 Beschrijvingskader ..............................................................................................35 3.1 Inleiding....................................................................................................................35 3.2 Normeren ..................................................................................................................35 3.2.1 Open normen ........................................................................................................35 3.2.2 Zelfregulering .......................................................................................................38 3.2.3 Technologische ontwikkelingen ...........................................................................39 3.2.4 Samenwerkingsverbanden ....................................................................................41 3.3 Informeren ................................................................................................................42 3.3.1 Bekendheid ...........................................................................................................42 3.3.2 Meldings- en informatieplicht ..............................................................................44 3.4 Toezicht en rechtsbescherming ................................................................................463 4. 3.4.1 College bescherming persoonsgegevens ..............................................................463.4.2 Functionaris voor de gegevensbescherming.........................................................503.4.3 Klachten en beroep ...............................................................................................51Hoofdstuk 4 Ervaringen van organisaties.................................................................................53 4.1 Inleiding....................................................................................................................53 4.2 Respons.....................................................................................................................55 4.2.1 Organisaties in het algemeen ................................................................................55 4.2.2 Meldende organisaties ..........................................................................................57 4.2.3 Organisaties met een FG.......................................................................................58 4.3 Kenmerken van organisaties.....................................................................................59 4.3.1 Grootte van de organisatie....................................................................................59 4.3.2 Privacydeskundigheid...........................................................................................61 4.4 De Functionaris voor de Gegevensbescherming ......................................................62 4.5 Databases en verwerkingen ......................................................................................66 4.5.1 Aantal databases ...................................................................................................66 4.5.2 Uitwisseling persoonsgegevens ............................................................................67 4.5.3 Het vullen van databases ......................................................................................68 4.5.4 De inhoud van databases ......................................................................................68 4.5.5 Het beveiligingsniveau van de databases .............................................................70 4.6 De meldingsprocedure ..............................................................................................72 4.6.1 Kennis over de meldingsplicht .............................................................................72 4.6.2 Redenen voor melden ...........................................................................................73 4.6.3 Hoe melden? .........................................................................................................74 4.6.4 Aantal meldingen..................................................................................................74 4.6.5 Leeftijd en actualisering van meldingen...............................................................76 4.6.6 Controle op de meldingen.....................................................................................77 4.6.7 Positieve effecten van de meldingsplicht .............................................................78 4.6.8 Administratieve lasten meldingsprocedure ..........................................................79 4.7 Rechten van betrokkenen..........................................................................................80 4.7.1 Informatieverstrekking .........................................................................................80 4.7.2 Acties door betrokkenen .......................................................................................82 4.8 Administratieve lasten ..............................................................................................84 4.9 Technologische ontwikkelingen ...............................................................................86 4.10 Samenvatting ............................................................................................................87 4.10.1 Organisaties ......................................................................................................87 4.10.2 Databases en privacyregels...............................................................................88 4.10.3 Meldingen ................................................................................................