The Wbp relates to every use - 'processing' - of personal data, from the collection of these data up to and including the destruction of personal data.
The Ministry of Justice published Guidelines for personal data processors.
Notification obligation and exemption from the notification obligation
The supervisory authority, the Dutch DPA must be notified of all processing of personal data. The Dutch DPA keeps a public register of these notifications. However, a large number of socially well known and accepted processing operations have been exempted from the notification obligation. On this web site, the Dutch DPA offers a checklist for the use of the exemption decree.
Technology
The Wbp has a separate section (Section 13) on the use of technology in the protection of personal data.
Supervision of compliance with the Wbp and enforcement of the Wbp
The Wbp also governs the tasks and powers of the supervisor of the act, the Dutch DPA. As a national supervisory authority, the Dutch DPA is the successor of the former Registratiekamer. The Dutch DPA is authorised to impose sanctions.
Data protection officer
Organisations can also appoint their own internal supervisor, the data protection officer.