Your leading law firm for IT, privacy and digital transformation

AVDR: Journal IT and Data 24 April 2024

In de media verschijnen de laatste tijd doorlopend berichten dat organisaties onvoldoende voorbereid zouden zijn op NIS-2. Deze Europese richtlijn introduceert voor een veel breder spectrum aan organisaties verschillende verplichtingen met als doel de cyberweerbaarheid van deze organisaties en daarmee de Europese Unie te vergroten. In dit AvdR IT & Data Journaal gaan Tom de

DORA: ‘Technical Standards,’ new pieces of the puzzle

The Digital Operational Resilience Act (“DORA”) aims to harmonize rules related to digital resilience for the financial sector. DORA applies to 21 different types of financial entities. As of January 17, 2025, DORA is effective. Earlier we reported on DORA and the impact DORA will have on contracting with IT suppliers. The latter is part

What issues housing associations face under the GDPR

Housing corporations have a special position under the law. For example, the housing corporation’s task is to allocate rental housing appropriately and provide a certain level of living enjoyment to residents. In performing its duties, a housing corporation obtains and processes various personal data from its (potential) tenants. In many cases, there is a need

The AI regulation: from transparency obligations to banning AI with unacceptable risks

Chat GPT, Bard and Gemini, artificial intelligence (“AI”) is increasingly being used in contemporary life, but with new innovations also come new risks. For example, there is a lack of transparency about how AI output is created, but it is also the question whether privacy and the protection of personal data are adequately safeguarded. This

Annual Review IT 2023

In the Annual Review IT 2022, we saw many legislative initiatives from the European Union in the field of data and digitization. By 2023, many of these initiatives have been turned into final directives or regulations that will come into force in the coming years. In this annual review IT 2023, we give a view

Announcement of monthly ‘chef’s table’ meetings Turing Law

Starting Feb. 27, we will organize monthly professional consultations that you can join. During the meeting, one or more lawyers will talk about a particular topic. Read more below or register immediately via our website.  The chef’s table: meetings on various legal topics The chef’s table is also described as the heart of a restaurant.

AVDR: Journal IT and Data October 31

On October 31, Esmee Fonville and Tom de Wit presented their second IT and Data journal. This time the topic was current IT case law. Esmee and Tom elaborated on several recent rulings on agile methodology, creditor default, IT vendor’s duty of care and IT procurement. In our next journal, we will take a closer

AVDR: Journal IT and DATA, August 29

On August 29, Esmee Fonville and Tom de Wit conducted the first journal ‘IT and data law journal’. Topic of this journal was “Duty of Care of the IT Supplier. After explaining the subject and the importance of the IT supplier’s duty of care, recent case law surrounding the duty of care was discussed. Using

Turing Law provides growing technology practice with arrival of new partner

Turing Law welcomes Jeroen van Woezik as a new partner. Jeroen van Woezik is the founder of Lawrence Privacy (Due Diligence) & Tech. A firm that specializes in supporting tech M&A transactions. Huub de Jong “Jeroen has years of experience in project-based advising and supporting his clients with privacy and IT projects. With Jeroen’s arrival,

IT conflict escalated? IT mediation may be the solution

IT projects can be complex and although supplier and customer like to regard each other as partners, interests diverge. This can cause IT projects to come under pressure or actually derail as a result of differences of opinion about the scope, price and/or delivery date of the project. Mediation: when is it useful? If parties

Recap Turing Summer Drinks 2023

On Wednesday 16 August 2023, the now traditional Turing Summer Drinks took place. Whereas last year we celebrated the start of our office, this time we could proudly toast on the expansion of our team and the move to new premises. As in previous years, we met again yesterday at Pavlov restaurant in The Hague,

DORA: the implication for the IT-supplier, PART II

In PART I of our blog series, we outlined the framework of the Digital Operational Resilience Act (‘DORA’). In this second part of our blog series about DORA, we focus on the implications or impact DORA has for normal IT-suppliers. Normal opposes those IT-suppliers providing ‘critical’, ‘important’ or ‘systemic’ IT-services for which a stricter regime

DORA: the implication for ICT and cloud suppliers, PART I

In a previous blog we have informed you about the EIOPA guidelines, which contain guidelines for insurance companies for the outsourcing to providers of existing and new cloud services. However, these are only mere guidelines addressing very particular services for a limited type of entities in the financial sector, namely insurance companies. Already in 2019

Annual review of IT 2022

The year 2022 shows a multitude of legislative and policy initiatives related to IT and data at the European and national levels. The European Commission took seriously its President’s 2021 call to shape digital transformation, especially in the areas of data, artificial intelligence and cybersecurity. At the national level, we also saw a lot happening

ARBIT 2022 – IT supplier obligations further tightened

On 10 September 2022, the new Arbit (General Government Conditions of IT Procurement) terms and conditions came into force. These Arbit 2022 replace the earlier version from 2018. These terms and conditions are used by the central government, such as ministries, independent administrative bodies and regulators as well as other public authorities for the procurement

Seminar “Duty of Care and IT Supplier”

After giving a seminar on the IT supplier’s duty of care in Eindhoven this summer, we have decided to give the seminar again at our location in The Hague, of course supplemented with relevant new case law and insights. In conflicts between IT suppliers and their customers, we are increasingly finding in our own litigation

Cybersecurity on a higher level? The NIS-2 directive

In the European security agenda, originating from 2015, cybersecurity was one of the major focus areas. Since then various legislations in the field of cybersecurity have been introduced as part of the EU-strategy to make Europe more digitally resilient. Various cybersecurity incidents and an evaluation of the cybersecurity legislation in place since 2015, have urged

Seminar “Duty of Care and IT Supplier”

In conflicts between IT suppliers and their customers, we increasingly notice that the special duty of care of the supplier is invoked. What is the impact of the duty of care on the interpretation of the agreement between parties? Does it bring unpredictable obligations for ICT suppliers? Is it a legitimate fallback option for inexperienced