Privacy is a fundamental right and allows both individuals and companies to control their data. Due to the increase in European and national laws and regulations and strict controls on compliance by supervisors, companies and institutions can hardly ignore privacy law nowadays. The best-known example of legislation and regulations that almost every company or institution must comply with is the General Data Protection Regulation (GDPR)…
Privacy is a fundamental right and allows both individuals and companies to control their data. Due to the increase in European and national laws and regulations and strict controls on compliance by supervisors, companies and institutions can hardly ignore privacy law nowadays. The best-known example of legislation and regulations that almost every company or institution must comply with is the General Data Protection Regulation (GDPR) that entered into force throughout the European Union. In the Netherlands, additional rules are laid down in the GDPR Implementation Act (UAVG). The core of the GDPR and the UAVG lies in the fact that every company or institution that processes personal data must handle these personal data carefully and transparently.
Although making your company GDPR-proof is very important, it is legally complex. Whether it concerns customer data, personnel data or data from third parties, the GDPR sets strict requirements with regard to the processing of personal data and also strengthens the rights of persons whose data is processed. Law & More lawyers are aware of all developments regarding (ever-changing) privacy law. Our lawyers delve into the way you handle personal data and map out your internal processes and data processing. Our lawyers also check to what extent your company is sufficiently structured in accordance with the applicable AVG legislation and what the possible improvements are. In these ways, Law & More is happy to help you make and keep your organization GDPR-proof.
With the introduction of the AVG, the laws have been tightened up. Is your company prepared for this?
Data Protection Officer
We help you appoint a Data Protection Officer
Data Protection Impact Assessment
We can carry out an analysis to identify the risks associated with your data processing.
Processing of data
What data does your company process? Does it processing at the AVG? We are at your service
“During the introduction it
immediately became clear to me
that Law & More has
a clear plan of action”
Application range and supervision
The GDPR applies to all organizations that process personal data. When your company collects data with which a person can be identified, your company has to do with the GDPR. Furthermore, personal data is processed when, for example, a payroll administration of your employees is kept, appointments with customers are registered or when data in healthcare is exchanged. You can also think of the following situations: conducting marketing activities or measuring or registering employee productivity or computer use. In view of the above, it is inevitable that your company will have to deal with privacy legislation.
In the Netherlands, the basic principle is that one must be able to rely on companies and institutions to handle their data with care. After all, in our current society, digitization plays an increasingly important role and involves processing data in digital form. This can lead to serious risks with regard to safeguarding our privacy. That is why the Dutch privacy supervisor, the Dutch Data Protection Authority (AP), has far-reaching control and enforcement powers. If your company does not comply with the applicable GDPR legislation, then it quickly risks an order subject to periodic penalty payments or a substantial fine, which can amount to up to twenty million euros. In addition, in the event of careless use of personal data, your company must take into account possible bad publicity and compensation actions by victims.
• Step 1: Identify which personal data you process
• Step 2: Determine the purpose and basis for data processing
• Step 3: Determine how the rights of data subjects are guaranteed
• Step 4: Evaluate whether and how you request, receive and register permission
• Step 5: Determine whether you are obliged to perform a Data Protection Impact Assessment
• Step 6: Determine whether to appoint a Data Protection Officer
• Step 7: Determine how your company deals with data leaks and the reporting obligation
• Step 8: Check your processor agreements
• Step 9: Determine which supervisor your organization falls under
• Advising and answering your legal questions: for example, when is there a data breach and how do you deal with it?
• Analysing your data processing on the basis of the goals and principles of the GDPR and determining specific risks: does your company or institution comply with the GDPR and what legal measures do you still need to take?
• Conducting Data Protection Impact Assessments.
• Assisting in legal proceedings and enforcement processes by the AP.