The importance of privacy law is growing steadily. Not only due to technical developments, but also due to regulations that are being tightened up, which means that compliance in this field should be a serious point of attention for any organisation of any size.
The requirements of the General Data Protection Regulation (AVG) and the fines that the Dutch Data Protection Authority can impose are, of course, immediately obvious. In the meantime, an e-Privacy Regulation is also being prepared.
It is not always clear to companies and other organisations how the, often vague and open, standards in this legislation should be interpreted. There is a constant stream of new case law, decisions by the Dutch Data Protection Authority and guidance from the European Data Protection Board. The interpretation of the supervisory authorities often changes. For example, which data may still be processed for marketing purposes? Can data still be shared outside of Europe and stored with an American cloud service provider? What requirements must be met in this regard? Can I test my employees for alcohol and drugs? What corona measures can I take, without affecting the privacy rights of my employees and customers? Can governments share data among themselves or share it with private organisations?
BarentsKrans has extensive experience in answering these kinds of questions, and assisting organisations in this field, including in proceedings. In this context, our team is used to responding quickly when necessary, for example when assessing a data breach that must be reported within 72 hours and in relation to enforcement actions of the Dutch Data Protection Authority.
Experience privacy and protection of personal data
- Assisting companies and other organisations in the implementation of the General Data Protection Regulation, through training courses, workshops, quick scans, inventories and the preparation of documents such as protocols regarding data breach notification, (privacy) policy documents, processing registers and data protection impact assessments;
- Advising on the application of the General Data Protection Act, for example when introducing new products and services;
- Conducting civil and administrative proceedings in which privacy and personal data play a role, including with the Dutch Data Protection Authority;
- Drafting and reviewing privacy disclaimers, data processing agreements and commercial contracts involving the processing of personal data;
- Conducting compliance checks and due diligence investigations in the area of personal data;
- Assisting companies with monitoring visits and enforcement procedures of the Dutch Data Protection Authority;
- Advising on data leaks and security breaches.