Privacy & Data protection

Since 25 May 2018, privacy and data protection rules have been laid down in the General Data Protection Regulation (GDPR). This means that the same privacy legislation applies throughout the European Union. In the Netherlands, additional rules have been laid down in the GDPR Implementation Act.

Every organisation has to deal with privacy law. You already process personal data when you create a member or customer database or maintain a personnel file. Even anonymizing personal data is considered an act processing to which the GDPR applies. Conducting business without processing personal data is near unthinkable.

Many of our clients process data that is much more sensitive, such as health data or data about children. Or they process data on a very large scale, as a result of which an incident can have a huge impact. Finally, all kinds of innovative technological applications offer opportunities for intrusive profiling and monitoring of those involved. Usually with good intentions, but sound legal advice is absolutely necessary.

The GDPR requires you to process data properly, carefully and transparently and in accordance with the law. All kinds of obligations result from this. For example, you may be required to carry out a data protection impact assessment (DPIA). This is an instrument to identify privacy risks in advance.

In order to be able to demonstrate compliance with the GDPR, you must keep a register of processing activities. You may also be required under to appoint a Data Processing Officer (DPO). If you outsource data processing to a third party, you must conclude a processor agreement.

You also need to comply with relevant other regulations that contain special rules for data processing. Issues of privacy law often affect other domains and areas of law, such as rights and obligations in healthcare, telecommunications, education, media, mobility and IT.

SOLV has been closely involved with privacy law since 2000 and has been at the forefront of this field for all those years. Our lawyers are recognised top specialists.

Our services

  • Advising on and executing DPIAs and other privacy compliance processes
  • Advising on complex privacy issues
  • Advising on international transfers of personal data to countries outside the EU and compliant design of these data flows
  • Drafting privacy statements, cookie statements and consent forms
  • Advising on data leaks and drawing up incident response protocols
  • Drafting of processor agreements and other data exchange agreements
  • Advising on requests to access personal data by data subjects
  • Legal proceedings, including in enforcement proceedings by the Data Protection Authority
  • Creating awareness among employees, for example by giving internal courses and workshops
  • Advising on privacy aspects in the development of new products and services, and the application of privacy by design and privacy by default

publications

Related to Privacy & Data protection