Privacy is a fundamental right and allows both individuals and companies to control their data. Due to the increase in European and national laws and regulations and strict controls on compliance by supervisors, companies and institutions can hardly ignore privacy law nowadays. The best-known example of legislation and regulations that almost every company or institution must comply with is the General Data Protection Regulation (GDPR) that entered into force throughout the European Union. In the Netherlands, additional rules are laid down in the GDPR Implementation Act (UAVG). The core of the GDPR and the UAVG lies in the fact that every company or institution that processes personal data must handle these personal data carefully and transparently.
Although making your company GDPR-proof is very important, it is legally complex. Whether it concerns customer data, personnel data or data from third parties, the GDPR sets strict requirements with regard to the processing of personal data and also strengthens the rights of persons whose data is processed. Law & More lawyers are aware of all developments regarding (ever-changing) privacy law. Our lawyers delve into the way you handle personal data and map out your internal processes and data processing. Our lawyers also check to what extent your company is sufficiently structured in accordance with the applicable AVG legislation and what the possible improvements are. In these ways, Law & More is happy to help you make and keep your organization GDPR-proof.
With the introduction of the AVG, the laws have been tightened up. Is your company prepared for this?
We help you appoint a Data Protection Officer
We can carry out an analysis to identify the risks associated with your data processing
What data does your company process? Does it processing at the AVG? We are at your service
"I wanted to have a lawyer who is always ready for me, even in the weekends"
The GDPR applies to all organizations that process personal data. When your company collects data with which a person can be identified, your company has to do with the GDPR. Furthermore, personal data is processed when, for example, a payroll administration of your employees is kept, appointments with customers are registered or when data in healthcare is exchanged. You can also think of the following situations: conducting marketing activities or measuring or registering employee productivity or computer use. In view of the above, it is inevitable that your company will have to deal with privacy legislation.
In the Netherlands, the basic principle is that one must be able to rely on companies and institutions to handle their data with care. After all, in our current society, digitization plays an increasingly important role and involves processing data in digital form. This can lead to serious risks with regard to safeguarding our privacy. That is why the Dutch privacy supervisor, the Dutch Data Protection Authority (AP), has far-reaching control and enforcement powers. If your company does not comply with the applicable GDPR legislation, then it quickly risks an order subject to periodic penalty payments or a substantial fine, which can amount to up to twenty million euros. In addition, in the event of careless use of personal data, your company must take into account possible bad publicity and compensation actions by victims.
• Step 1: Identify which personal data you process
• Step 2: Determine the purpose and basis for data processing
• Step 3: Determine how the rights of data subjects are guaranteed
• Step 4: Evaluate whether and how you request, receive and register permission
• Step 5: Determine whether you are obliged to perform a Data Protection Impact Assessment
• Step 6: Determine whether to appoint a Data Protection Officer
• Step 7: Determine how your company deals with data leaks and the reporting obligation
• Step 8: Check your processor agreements
• Step 9: Determine which supervisor your organization falls under
• Advising and answering your legal questions: for example, when is there a data breach and how do you deal with it?
• Analysing your data processing on the basis of the goals and principles of the GDPR and determining specific risks: does your company or institution comply with the GDPR and what legal measures do you still need to take?
• Conducting Data Protection Impact Assessments.
• Assisting in legal proceedings and enforcement processes by the AP.
Protection of privacy rights becomes increasingly important in our present society. This can for a large part be attributed to digitalization, a development in which information is more often processed in a digital form. Unfortunately, digitalization also entails risks. In order to safeguard our privacy, privacy regulations are established.
•At the moment, privacy law undergoes a significant transformation that derives from the implementation of the GDPR. With the establishment of the GDPR, the entire European Union will be subject to the same privacy legislation. This greatly impacts enterprises, since they will have to deal with stricter requirements concerning data protection. The GDPR enhances the position of data subjects by granting them new rights and strengthening their established rights. Furthermore, organisations that process personal data will have more obligations. It is important for corporations to prepare for this change, all the more since the penalties for non-compliance with the GDPR will also become stricter.
Are you in need of advice regarding the transition to the GDPR? Do you want to have a compliance check performed, to make sure your company complies with the requirements deriving from the GDPR? Or are you concerned the protection of your own personal data is inadequate? Law & More has extensive knowledge concerning privacy law and will help you to structure your organisation in a way that is compliant with the GDPR.