Archive

Everyone knows by now that parties such as Facebook and Amazon compose profiles of their users. These profiles are compiled on the basis of, among other things, social communities, ‘likes’ and purchased products. Based on these profiles, it is then possible to advertise in a more targeted way and to make suggestions to users. But

On 12 February 2019 the European Data Protection Board (‘EDPB’) published an information note on data transfers to the United Kingdom in the event of a no-deal Brexit. The EDPB is the body in which all Data Protection Authorities of the Member States of the European Union are united. Below we will discuss what the

With the arrival of the General Data Protection Regulation, the rules concerning the processing and protection of personal data within the European Union (‘EU’) have been largely harmonized. This means that organizations within the EU can, in principle, exchange personal data with peace of mind. Outside the Netherlands and other EU member states, privacy legislation

In order to be able to process personal data, a legal basis is required. One of the legal bases is the consent of the data subject (the person whose personal data are being processed). The requirements that the consent of the data subject must meet in accordance with the forthcoming General Data Protection Regulation  (‘GDPR’)

Many organisations are already aware of the fact that the General data protections regulation (‘GDPR’) considerably extends the power to impose fines by the Supervisory Authorities. This extended power is undoubtedly a strong incentive for organisations implement the GDPR and become privacy proof. But what extra obligations does the GDPR impose compared to the older

The processor has already been mentioned sideways in these GDPR-series on a regular basis, but didn’t get our specific attention yet. This part of our GDPR-series will therefore provide an insight into the changes that are taking place for the processor under the General Data Protection Regulations (‘GDPR’). Terminology The processor is the party that

The introduction of the obligation to report data leaks and a substantial expansion of the supervisory authority’s power to impose fines, have resulted in more and more organizations being aware of the laws and regulations in the field of personal data protection. Many organizations therefore now know that they are legally obliged to enter into

As of 25 May 2018, the General Data Protection Regulation (‘GDPR’) will apply. Under the GDPR, the performance of a data protection impact assessment (‘DPIA’), in Dutch a ‘data protection impact assessment’, is made mandatory for organizations for certain data processing operations. In the Dutch Personal Data Protection Act (‘Wbp’), this assessment already exists under

The General Data Protection Regulation (‘GDPR’), which will apply from 25 May 2018, contains rules on data protection. The Data Protection Officer (‘DPO’) can play a key role in many organisations in terms of compliance with the GDPR. Below you will find more information about the designation, position and tasks of the DPO and some

“Data from 2,000 patients were accessible through leakage”, “Laptop with patient data stolen from hospital”, “Private data nearly 900 jobseekers on the street after email error”. These headlines show that it is impossible to imagine the news without security incidents with personal data. In some cases, these security incidents were data breaches. As of 1

De laatste tijd zijn er een aantal rechterlijke uitspraken geweest over back-ups van gegevens. Partijen steggelen dan over de vraag of de ICT-leverancier verplicht was om een back-up te maken van de gegevens van de klant. Een niet onbelangrijke vraag. De betreffende gegevens zijn namelijk vaak essentieel voor de dienstverlening van de klant. Mede om

As we wrote earlier, the General Data Protection Regulation  (‘GDPR’) entered into force on 24 May 2016. The Dutch Personal Data Protection Act  (de “Wet Bescherming Persoonsgegevens” hereinafter called: ‘Wbp‘) provides for the protection of personal data until 25 May 2018, after which the GDPR will take over the baton. The aforementioned legislation contains rules

Earlier, we announced the publication of a series on our website in which different topics of the General Data Protection Regulation (‘GDPR’) will be discussed on a regular basis. In order to opt for a better understanding of the entry into force and the application of the GDPR in the Netherlands, we will commence this

On 27 May 2016, the EU Council and Parliament have agreed on the EU Trade Secrets Directive. Bearing The Directive introduces an EU-wide definition of “trade secret”, i.e. information which is secret, has commercial value because it is secret, and has been subject to reasonable steps to keep it secret. The EU Trade Secrets Directive