Privacy by design: no way around it
On 25 May 2018, the General Data Protection Regulation ("GDPR") will apply. The GDPR will replace the Dutch Data Protection Act. Although the GDPR sets the same basic principles for the processing of personal data as the Dutch Data Protection Act, it introduces many new requirements for the manner in which the processing of personal data must be set up and designed. A novelty is the requirement for a controller to implement technical and orgnisational measures to ensure compliance with data protection by design and default, or privacy by design. Houthoff's Jan Brölmann and Jurre Reus have written an article about it for Computable magazine, in which they argue that this requirement is relevant for both controllers and processors alike. You can read it here (in Dutch only).