Privacy Lawyer

Privacy is a fundamental right and allows both individuals and companies to control their data. Due to the increase in European and national laws and regulations and strict controls on compliance by supervisors, companies and institutions can hardly ignore privacy law nowadays. The best-known example of legislation and regulations that almost every company or institution must comply with is the General Data Protection Regulation (GDPR) that entered into force throughout the European Union. In the Netherlands, additional rules are laid down in the GDPR Implementation Act (UAVG). The core of the GDPR and the UAVG lies in the fact that every company or institution that processes personal data must handle these personal data carefully and transparently.

Although making your company GDPR-proof is very important, it is legally complex. Whether it concerns customer data, personnel data or data from third parties, the GDPR sets strict requirements with regard to the processing of personal data and also strengthens the rights of persons whose data is processed. Law & More lawyers are aware of all developments regarding (ever-changing) privacy law. Our lawyers delve into the way you handle personal data and map out your internal processes and data processing. Our lawyers also check to what extent your company is sufficiently structured in accordance with the applicable AVG legislation and what the possible improvements are. In these ways, Law & More is happy to help you make and keep your organization GDPR-proof.

Tom Meevis

Managing Partner / Advocate

Our lawyers are ready for you


With the introduction of the AVG, the laws have been tightened up. Is your company prepared for this?

Data Protection Officer

We help you appoint a Data Protection Officer

Immigration law

Data Protection Impact Assessment

We can carry out an analysis to identify the risks associated with your data processing

Processing of data

What data does your company process? Does it processing at the AVG? We are at your service

"I wanted to have a lawyer who is always ready for me, even in the weekends"

Application range and supervision

The GDPR applies to all organizations that process personal data. When your company collects data with which a person can be identified, your company has to do with the GDPR. Furthermore, personal data is processed when, for example, a payroll administration of your employees is kept, appointments with customers are registered or when data in healthcare is exchanged. You can also think of the following situations: conducting marketing activities or measuring or registering employee productivity or computer use. In view of the above, it is inevitable that your company will have to deal with privacy legislation.

In the Netherlands, the basic principle is that one must be able to rely on companies and institutions to handle their data with care. After all, in our current society, digitization plays an increasingly important role and involves processing data in digital form. This can lead to serious risks with regard to safeguarding our privacy. That is why the Dutch privacy supervisor, the Dutch Data Protection Authority (AP), has far-reaching control and enforcement powers. If your company does not comply with the applicable GDPR legislation, then it quickly risks an order subject to periodic penalty payments or a substantial fine, which can amount to up to twenty million euros. In addition, in the event of careless use of personal data, your company must take into account possible bad publicity and compensation actions by victims.

Inventory and privacy policy

To prevent such far-reaching consequences or measures from the supervisor, it is important for your company or institutions to have a privacy policy in order to comply with GDPR. Before compiling a privacy policy, it is important to inventory how your company or institution is doing in the context of privacy. That is why Law & More has drawn up the following step-by-step plan:

• Step 1: Identify which personal data you process
• Step 2: Determine the purpose and basis for data processing
• Step 3: Determine how the rights of data subjects are guaranteed
• Step 4: Evaluate whether and how you request, receive and register permission
• Step 5: Determine whether you are obliged to perform a Data Protection Impact Assessment
• Step 6: Determine whether to appoint a Data Protection Officer
• Step 7: Determine how your company deals with data leaks and the reporting obligation
 Step 8: Check your processor agreements
• Step 9: Determine which supervisor your organization falls under

AWhen you have performed this analysis, it is possible to determine which risks of violation of privacy legislation arise within your company. This can also be anticipated in your privacy policy. Are you looking for support in this process? Please contact Law & More. Our lawyers are experts in the field of privacy law and can assist your company or institution with the following services:

• Advising and answering your legal questions: for example, when is there a data breach and how do you deal with it?
• Analysing your data processing on the basis of the goals and principles of the GDPR and determining specific risks: does your company or institution comply with the GDPR and what legal measures do you still need to take?
• Preparing and reviewing documents, such as your privacy policy or processor agreements.
• Conducting Data Protection Impact Assessments.
• Assisting in legal proceedings and enforcement processes by the AP.

General Data Protection Regulation (GDPR)

Protection of privacy rights becomes increasingly important in our present society. This can for a large part be attributed to digitalization, a development in which information is more often processed in a digital form. Unfortunately, digitalization also entails risks. In order to safeguard our privacy, privacy regulations are established.

•At the moment, privacy law undergoes a significant transformation that derives from the implementation of the GDPR. With the establishment of the GDPR, the entire European Union will be subject to the same privacy legislation. This greatly impacts enterprises, since they will have to deal with stricter requirements concerning data protection. The GDPR enhances the position of data subjects by granting them new rights and strengthening their established rights. Furthermore, organisations that process personal data will have more obligations. It is important for corporations to prepare for this change, all the more since the penalties for non-compliance with the GDPR will also become stricter.

Are you in need of advice regarding the transition to the GDPR? Do you want to have a compliance check performed, to make sure your company complies with the requirements deriving from the GDPR? Or are you concerned the protection of your own personal data is inadequate? Law & More has extensive knowledge concerning privacy law and will help you to structure your organisation in a way that is compliant with the GDPR.

Do you want to know what Law & More can do for you as a law firm in Eindhoven?
Then contact us by phone +31 (0) 40 369 06 80 or send us an e-mail:
mr. Tom Meevis, advocate at Law & More –
mr. Maxim Hodak, advocate at & More –