European privacy legislation
When it comes to information security, CBS definitely has its act together. We maintain a clear view of what is happening with the data in our organisation and can assure that our employees handle privacy-sensitive data with due care and attention. This is evidenced by the fact that CBS was once again awarded a Privacy Proof Certificate, but this time with a difference. Since the start of the year, the certificate covers the organisation as a whole. A unique achievement, reveals Douwe Kuurstra, head of the quality assurance and auditing department at CBS. “We are not only one of the few government organisations in the Netherlands that can make this claim, but also the only statistical agency in Europe able to do so.” The Privacy Proof Certificate demonstrates that CBS is in compliance with the requirements of the new European General Data Protection Regulation (GDPR).
The audit for the Privacy Proof Certificate is performed by PricewaterhouseCoopers. This entails an in-depth investigation, in which employees are interviewed and auditors look behind the scenes at the organisation’s computer programmes.
“The audit ensures that we continue to improve ourselves and stay sharp,” Kuurstra explains. “It’s an approach that works. Across the board, we see that we are getting better year by year. I am proud that we can now demonstrate that the data of citizens, companies and employees are safe and well protected throughout our organisation.”
Privacy as a priority
Privacy and the secure handling of data are of vital importance to CBS. “We have built in layer upon layer to prevent the privacy of our respondents being compromised,” Max Booleman, CBS Data Protection Officer explains. “CBS works with the ‘container’ concept. Employees working on a particular statistic only have access to the dataset that is relevant to their research. The data within the containers are protected in such a way that they can never be traced directly to people or companies.” This is what makes data collection at CBS so valuable. The directors of the CBS organisation attach great importance to privacy and regard it as their number one priority at all times. “Statistics Netherlands is opening up new areas in the field of big data,” Booleman continues, “but also in how we collaborate with the likes of municipalities, provinces and universities. In those cases it is extra important that everyone is fully aware of the importance of privacy and data security.”
The CBS data protection policy consists of two tracks. The aim of achieving the highest possible technological protection of the information at hand is reinforced by a strong focus on awareness and the secure handling of data. Each and every one of our staff is constantly reminded of this and trained accordingly. “This happens, for example, during the introduction of new employees, is a key aspect of our annual audits and is expressed in many other ways,” Booleman says. “We are constantly alert to privacy within the organisation and employees are encouraged to hold each other to account if questions arise.”
Benefit for society
The introduction of European legislation on the protection of personal data has raised the profile of privacy and awareness. “We see this not only see within CBS, but also at our partner organisations,” Douwe Kuurstra observes. “We are delighted to see this awareness and strength of focus. Data in the Netherlands are now better protected across the board. This is a genuine benefit for society.”
CBS fully recognises the importance of having its operational management assessed by external organisations. This is part and parcel of our quality policy. CBS demonstrably meets the following widely recognised standards:
• Privacy Proof Certificate
• ISO 9001 (Quality Management)
• ISO 27001 (Information Security)
• ESS-IT Security Framework