Privacy and Data Protection


GDPR

Privacy is a fundamental right and enables both individuals and companies to retain control over their data. As a result of the increase in European and national laws and regulations, and the strict monitoring of compliance by the supervisory authorities, technology companies and institutions can nowadays hardly ignore privacy law.

The best-known example of legislation with which every technology company or institution has to comply is the General Data Protection Regulation (GDPR). The GDPR applies throughout the European Union. In the Netherlands, additional rules are laid down in the GDPR Implementation Act. The core of the GDPR and the Implementation Act is that every company or institution that processes personal data must handle these data carefully and transparently.

Making your technology company GDPR-proof is of great importance, but legally complex. Whether it concerns customer data, staff data or data of third parties, the GDPR imposes strict requirements with regard to the processing of personal data and also strengthens the rights of persons whose data is being processed. The lawyers of Law & More are aware of all developments in relation to (ever-changing) privacy law. Our lawyers study how you deal with personal data and map out your internal processes and data processing. In these ways Law & More is happy to help you make and keep your technology organization GDPR-proof.

Processing of Personal Data

Personal data may only be processed in accordance with these legal rules. Sensitive personal data, such as data concerning a person’s religion, political affiliation, sexual orientation and race may only be processed if there is an explicit legal basis for doing so.

Some central obligations based on the GDPR:

formulation of the purpose of processing personal data
no further processing incompatible with the purpose for which the data were obtained
no processing of special personal data, unless there is a legal exception for this
justification for the processing, such as unambiguous consent or performance of a contract
security and reporting of data leaks
provision of information to the data subject
rights of the data subject, including rights of access, rectification and opposition
transfer to other countries

Non-compliance with the GDPR can have various consequences, such as enforcement actions by the Personal Data Authority (AP), including the imposition of heavy fines, or liability towards data subjects. Do you want to prevent that? Or are you already dealing with the AP? Then please contact Law & More. Our expert lawyers will be happy to provide you with legal advice.

Data Breaches and Security

The GDPR requires organizations to take appropriate technical and organizational measures to protect personal data against loss or against any form of unlawful processing. The measures are also aimed at preventing unnecessary collection and further processing of personal data.

A data breach occurs when there is a breach of this security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Substantial fines may result from failure to report a data breach (in a timely manner). The fine can amount to as much as EUR 20 million or, in extreme cases, as much as 4% of the annual turnover. In addition, reporting a data breach can cause unrest among your customers, suppliers and employees. This can lead to reputational damage.

Does the obligation to report data leaks apply to your organization? Then the Personal Data Authority can impose administrative fines. If your organization has not committed the breach intentionally and there is no serious culpable negligence, the Personal Data Authority will first have to impose a binding instruction before it can impose a fine. In addition, the Personal Data Authority must take into account all the circumstances of the case. Think, for example, of the fact that the data have not been accessed by third parties. In view of the risk of fines, it is advisable to make agreements with parties who process personal data for your organization (so-called processors) about the security measures to be taken. These agreements can be laid down in a processing agreement. It is also advisable to make agreements about the responsibility for (enabling) compliance with the obligation to report data leaks.

Well-considered and prepared action is necessary in the event of any data breach. As your lawyers, we can provide you with the necessary tools and assist you where necessary.

International Transfers

The protection of personal data is not regulated in the same way in all countries. Passing on personal data from the Netherlands to other countries is therefore only permitted if a country offers sufficient protection. Different rules apply to the transfer of data to a country within the European Union (EU) than to a country outside the EU. Within the EU, the level of data protection is the same. This is because all EU Member States have to comply with the General Data Protection Regulation.

Separate rules apply to the transfer of personal data from the Netherlands to countries outside the EU, so-called third countries. The main rule is that an organization may only transfer personal data to third countries with an adequate level of protection. Transfer to countries outside the EU is only lawful if appropriate safeguards are in place, such as the conclusion of EU Standard Contractual Clauses, Binding Corporate Rules and the Privacy Shield introduced in the United States.

We will be happy to advise you on making agreements and recording them with parties with whom you share personal data. Of course, we can also draw up, assess or amend contract texts for you and, if desired, conduct the negotiations for you.

Proceedings

We prefer to be involved in communication between parties at an early stage in the event of an (imminent) dispute. We can then contribute to a solution on which both parties can agree, so that legal proceedings can possibly be avoided.

If it is not possible to reach a settlement between the parties and legal proceedings are unavoidable, we will assist you in this matter. We draw up clear procedural documents in consultation with you. You can think of disputes about processing agreements or compliance with other agreements concerning the processing of personal data or whether or not to comply with requests from data subjects. In addition, we can assist you in lodging objections and appeals against decisions of the Personal Data Authority.

Finally, we can also assist you in lodging an appeal against a court ruling, even if you were assisted in the first instance by another lawyer. If you are in doubt about an opinion or the content of a procedural document drawn up by your current lawyer, we can provide you with a second opinion.

Contact us by phone +31 40 369 06 80
or send us an e-mail

Advocaat.tech