GDPR series: profiling and automated decision-making

Everyone knows by now that parties such as Facebook and Amazon compose profiles of their users. These profiles are compiled on the basis of, among other things, social communities, ‘likes’ and purchased products. Based on these profiles, it is then possible to advertise in a more targeted way and to make suggestions to users. But

No-deal Brexit: what does that mean for the transfer of personal data?

On 12 February 2019 the European Data Protection Board (‘EDPB’) published an information note on data transfers to the United Kingdom in the event of a no-deal Brexit. The EDPB is the body in which all Data Protection Authorities of the Member States of the European Union are united. Below we will discuss what the

International transfers: model contracts and Privacy Shield

With the arrival of the General Data Protection Regulation, the rules concerning the processing and protection of personal data within the European Union (‘EU’) have been largely harmonized. This means that organizations within the EU can, in principle, exchange personal data with peace of mind. Outside the Netherlands and other EU member states, privacy legislation

GDPR-Series: Consent

In order to be able to process personal data, a legal basis is required. One of the legal bases is the consent of the data subject (the person whose personal data are being processed). The requirements that the consent of the data subject must meet in accordance with the forthcoming General Data Protection Regulation (‘GDPR’)

GDPR Series: administrative fines

Many organisations are already aware that the General Data Protection Regulation (‘GDPR’) considerably extends the power of the Supervisory Authorities to impose fines. This extended power is undoubtedly a strong incentive for organisations to implement the GDPR and become privacy proof. But what extra obligations does the GDPR impose compared to the older

GDPR Series: Processor

The processor has already been mentioned in passing in this GDPR series on a regular basis, but has not yet received our specific attention. This part of our GDPR series will therefore provide an insight into the changes that are taking place for the processor under the General Data Protection Regulation (‘GDPR’). Terminology The processor is the party that

GDPR-series: data processing agreement

The introduction of the obligation to report data leaks and a substantial expansion of the supervisory authority’s power to impose fines have resulted in more and more organizations being aware of the laws and regulations in the field of personal data protection. Many organizations therefore now know that they are legally obliged to enter into

GDPR-Series: Data protection impact assessment (DPIA)

As of 25 May 2018, the General Data Protection Regulation (‘GDPR’) will apply. Under the GDPR, the performance of a data protection impact assessment (‘DPIA’), in Dutch a ‘data protection impact assessment’, is made mandatory for organizations for certain data processing operations. In the Dutch Personal Data Protection Act (‘Wbp’), this assessment already exists under

GDPR Series: Data Protection Officer

The General Data Protection Regulation (‘GDPR’), which will apply from 25 May 2018, contains rules on data protection. The Data Protection Officer (‘DPO’) can play a key role in many organisations in terms of compliance with the GDPR. Below you will find more information about the designation, position and tasks of the DPO and some

GDPR-Series: mandatory notification of a personal data breach

“Data from 2,000 patients were accessible through leakage”, “Laptop with patient data stolen from hospital”, “Private data nearly 900 jobseekers on the street after email error”. These headlines show that it is impossible to imagine the news without security incidents with personal data. In some cases, these security incidents were data breaches. As of 1

Back-ups: better safe than sorry

Recently there have been a number of court rulings on data back-ups. The parties then bicker over whether the ICT supplier was obliged to make a back-up of the customer’s data. A not unimportant question. The data in question are, after all, often essential to the customer’s services. Partly in order to

GDPR Series: (special) personal data

As we wrote earlier, the General Data Protection Regulation (‘GDPR’) entered into force on 24 May 2016. The Dutch Personal Data Protection Act (the “Wet Bescherming Persoonsgegevens”, hereinafter called: ‘Wbp’) provides for the protection of personal data until 25 May 2018, after which the GDPR will take over the baton. The aforementioned legislation contains rules

GDPR-series: entry into force

Earlier, we announced the publication of a series on our website in which different topics of the General Data Protection Regulation (‘GDPR’) will be discussed on a regular basis. To provide a better understanding of the entry into force and the application of the GDPR in the Netherlands, we will commence this

EU directive trade secrets adopted

On 27 May 2016, the EU Council and Parliament agreed on the EU Trade Secrets Directive. The Directive introduces an EU-wide definition of “trade secret”, i.e. information which is secret, has commercial value because it is secret, and has been subject to reasonable steps to keep it secret. The EU Trade Secrets Directive
