Small Dutch organisations do not have to fear immediate fines if their systems are not yet properly equipped to deal with new EU privacy legislation known as GDPR, justice minister Sander Dekker has told broadcaster NOS.

The legislation which comes into effect on Friday, applies to every company and organisation which ‘processes people’s data’

However, according to NOS, Dekker says that small organisations will not be immediately liable if they are not fully GDPR compliant.

‘It is not the case that on May 26, inspectors will be on the doorstep of a village football club,’ he said. ‘But if big firms are mucking around and yours or my personal information becomes public, then they have a problem.’

The new rules mean companies and organisations, including local sports clubs, have to be able to show what information they hold about private individuals and what they do with it.

Compliance falls under the responsibility of the privacy watchdog Authoriteit Persoonsgegevens which said earlier this month it did not have enough funding to properly monitor GDPR.

Dekker has said he will not make new funding available in the short term.

Fines

Fines for companies which break the law can amount up to €20m or 4% of annual turnover.

Figures published by the small business association MKB Nederland earlier this month indicate that thousands of companies are not yet ready to introduce the new rules and 30% had not heard of it at all.

The race to meet Friday’s deadline has lead to email inboxes clogging up with mailing list messages urging people to confirm they still want to receive newsletters.