What are the AFM and DNB?
The Dutch Authority for the Financial Markets (AFM) is the conduct supervisor for the financial markets in the Netherlands. It supervises the conduct of the entire financial market sector: savings, investment, insurance, loans, pensions, capital markets, asset management, accountancy and financial reporting. The AFM focuses on the provision of financial services and products by institutions and the way they deal with customers.
The Central Bank of the Netherlands (DNB) is the prudential supervisor and is responsible for financial stability in the Netherlands. The DNB supervises financial institutions’ financial health and contributes to the stable and reliable functioning of the financial sector: banks, pension funds, insurers and other financial institutions.
The AFM’s role is comparable to the SEC in the United States. The DNB, within the European System of Central Banks, determines and implements monetary policy and is responsible for prudential supervision of financial organizations for the Netherlands.
What compliance guidelines do these institutions enforce?
Both institutions have a role in enforcing regulations and guidelines that are often based on European directives and regulations. These cover a wide range of topics: capital requirements for banks (Basel III/CRD IV/CRR) and insurance companies (Solvency II), conduct and transparency requirements (MiFID II, IDD), anti-money laundering and counter-terrorism financing (AMLD), and many others.
Who enforces guidelines for data security and privacy in the Netherlands?
The AFM and DNB do not directly issue regulations on data security and privacy.
However, they do enforce compliance with relevant regulations in these areas as part of their supervisory roles.
In the Netherlands, data security and privacy in the financial sector are largely governed by the General Data Protection Regulation (GDPR), the European Union regulation that applies to all EU member states, including the Netherlands. The GDPR sets out requirements for the protection of personal data, including the need for appropriate security measures to protect such data.
Financial institutions in the Netherlands are also subject to the Network and Information Systems (NIS) Directive, another EU regulation that sets forth security requirements for operators of essential services and digital service providers.
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the primary regulatory body for privacy and data protection in the Netherlands. It enforces the GDPR and other Dutch privacy laws and provides guidance on data protection matters.
What is the PSD2 all about?
Financial institutions may also be subject to specific security requirements set forth in sector-specific regulations, such as the Payment Services Directive 2 (PSD2) for payment services providers, which includes requirements for strong customer authentication and secure communication.
Key components of the PSD2 include:
Much like for GDPR, Concentric AI provides a three-step approach to help organizations comply with Dutch guidelines: Discover and identify data, monitor and classify data for risk, and remediate data risk issues.
Below is a brief summary of our three-step approach.
In the discovery phase, Concentric AI uses advanced machine learning to scan and categorize sensitive data, regardless of where it’s stored. This helps companies understand what personal data they hold, the legal basis for processing it, the associated risks, and how to respond to data subject requests.
The monitoring phase involves continuous risk assessment. Concentric AI autonomously tracks how sensitive data is used, shared, and accessed — identifying risks from inappropriate permissions, risky sharing, and unauthorized access. Data classification, a crucial step for GDPR compliance, allows companies to identify, categorize, and organize their data based on its sensitivity and importance.
In the remediation phase, Concentric AI’s Risk Distance™ analysis uses deep learning to compare each data element with baseline security practices, identifying risks without rules and policies. The solution can remediate these risks as they occur, such as fixing access control issues or disabling sensitive file sharing.
Concentric Semantic Intelligence™ provides a categorized view of your data and a risk rating for all exposed data. This enables data security, privacy, and compliance teams to easily find and correct inappropriate sharing, unauthorized access, or wrong entitlements of sensitive data, effectively preventing data loss. The solution requires no upfront rules or large teams to operate — all the while reducing risk and protecting GDPR data efficiently.
Customers are successfully using our product in production for petabytes of data for:
Book a demo today to see firsthand — with your own data — how Concentric AI’s solution can quickly and easily be deployed to manage data risk in your organization.