The Wbp relates to every use - 'processing' - of personal data, from the collection of these data up to and including the destruction of personal data.
Notification obligation and exemption from the notification obligation
The supervisory authority, the Dutch DPA must be notified of all processing of personal data. The Dutch DPA keeps a public register of these notifications. However, a large number of socially well known and accepted processing operations have been exempted from the notification obligation. On this web site, the Dutch DPA offers a checklist for the use of the exemption decree.
Technology
The Wbp has a separate section (Section 13) on the use of technology in the protection of personal data.
Supervision of compliance with the Wbp and enforcement of the Wbp
The Wbp also governs the tasks and powers of the supervisor of the act, the Dutch DPA. As a national supervisory authority, the Dutch DPA is the successor of the former Registratiekamer. The Dutch DPA is authorised to impose sanctions.
Data protection officer
Organisations can also appoint their own internal supervisor, the data protection officer.
International
The international aspects of the Wet bescherming persoonsgegevens (Wbp; Personal Data Protection Act) are discussed under this heading.
The two most important questions from an international perspective are:
1) When does the Wbp apply to companies that operate internationally?
2) When is the transfer of personal data to third countries (outside the European Union and the European Area) permitted?