Privacy law

Since the European General Data Protection Regulation (GDPR) came into force, this topic has become even more important. All companies based in the Netherlands (or other countries within the EER), doing business here and/or processing personal data of EU citizens must comply with all requirements of the GDPR. This raises many questions. What data may be requested and/or shared? Does a party qualify as a data controller or a data processor? Can consumer data be used for marketing purposes? How do you deal with health data and what should you do in case of a cybersecurity incident (e.g. data breach)?

Citizens have become more aware of their privacy rights as well (we see this in individual compensation cases but also increasingly in the form of mass claims). The Dutch Data Protection Authority (Autoriteit Persoonsgegevens), which supervises compliance with the laws and regulations in the area of personal data, is becoming increasingly active and can impose heavy fines. It is important that every company meets its obligations under the GDPR (also called compliance). At the same time, it is often important for a company to be able to innovate and/or make use of data for, inter alia, marketing purposes. Our multidisciplinary IT & Privacy team will be glad to guide you through the complex regulations in this area. We will be happy to think along about what is possible under the current legislation.

Do you have questions about privacy law?

Please contact us through the phone number below or send us an email.

+31104406440 privacy@ploum.nl

This is how we can help you

Our Team

Since its establishment in 1995, our firm has an established name in the field of IT and privacy law. We keep track of all relevant developments and will be happy to provide you with a concrete and appropriate advice.

Apart from the GDPR, other rules and frameworks are also important, such as national implementation laws (in the Netherlands: UAVG), the Dutch Telecommunications Act and laws and several legislation and guidelines in the field of healthcare, IT law, intellectual property law or employment law. Ploum has a relatively large privacy team that deals with privacy law on a daily basis, whereby each lawyer has his or her own (additional) specialisation. For example, we have specific knowledge of privacy in the healthcare sector and in the workplace. We all have a passion for the IT and privacy practice and combine this with our specific expertise. Where necessary, we also consult with our colleagues from the corporate law section and/or the bankruptcy law section. Because we have all this expertise in-house, we can switch quickly and provide you with sound - and pragmatic - advice. 

Most of our more senior attorneys have completed a Grotius specialisation course and we are members of various relevant specialisation associations. These include: VIRA (Association for Information Technology Lawyers), NVvIR (the Dutch Association for Information Technology and Law), VPR (Privacy Law Association), IAPP (International Association of Privacy Professionals) and LES Benelux (Licensing Executives Society Benelux). Ploum is co-author of Global Privacy Book.

Strong team. Their service level is just excellent and everything is handled in a user-friendly way. They are a pleasure to work with. The team is really focused on the needs of clients. – Legal 500 EMEA 2022

All individuals are always easy to be reached and quick to react and answer any question you might have. They are very much aware of what is needed in company life, so not too focused on the academic side of things but also ensure a good amount of practicality. – Legal 500 EMEA 2022

Our assistance

Our privacy team will be happy to assist you with the following:

  • Drafting and reviewing agreements, other (required) documents and registers (compliance projects)
    data processing agreement, privacy statement, data breach protocol, data processing register, register of incidents, data retention policy, international data exchange (e.g. SCCs), (intercompany) data transfer agreement
  • Advising on a wide range of privacy issues (including themes such as marketing, food, cybersecurity, energy, e-commerce and (health)care)
    cookies, marketing/advertising, opt-in, use of photos in advertisements, consumer data, online sales, employee tracking systems, WiFi tracking, hacks, cyber-attacks, security incidents, access control, staff alcohol and drug testing, camera surveillance, processing of health data, identity documents and citizen service numbers (in Dutch: BSN), e-health and scientific research
  • Performing Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (worldwide)
  • Assessing obligations in the implementation of data subject rights (e.g. the right of access to or deletion of data) or setting up a related policy (SOP)
  • Advising on personal data in case of bankruptcy or acquisition (M&A);
  • Assisting in case of data breaches (e.g. notification obligations), disputes/proceedings (claims for damages or claims for access to or deletion of data) or investigations by authorities (such as the Dutch DPA).

We assist in proceedings in court as well as in arbitrations and investigations and/or sanctions imposed by authorities (e.g. the Dutch Data Protection Authority). We also have extensive experience in coordinating projects in various jurisdictions worldwide. This enables us, for example, to advise you on how to be 'compliant' with your web shop throughout Europe. We offer assistance in various other manners as well, such as by way of our Privacy Helpdesk, Privacy Tools and Privacy Knowledge Sessions (please see below).

Track Record

  • Drafting (group) agreements for the (worldwide) exchange of personal data
  • Assisting pharmaceutical companies in tightening up privacy policies and related documents (GDPR compliance), in conjunction with sector-specific legislation (e.g. drug distribution)
  • Adjusting the privacy policy of a large organisation in the arts and culture sector
  • Advising on direct marketing and the use of consumer data (opt-in vs opt-out)

Compliance projects

Do you want to be sure that your organisation complies with the basic principles of the GDPR? We have developed handy tools to examine this in a structured manner. Subsequently, we help to draft, negotiate and/or update all documents and contracts, perform DPIAs where necessary and, if desired, we also provide training to your employees for the implementation of policies. 

Privacy Tools and Privacy Helpdesk

With the Privacy Helpdesk, we provide short lines of advice, at a fixed/reduced rate, for (in particular) your Data Protection Officer (DPO) or (other) privacy officer. Our team will be pleased to provide you with fast and concrete advice that you can put into practice. With our Ploum Privacy Helpdesk, we do this immediately by telephone where possible. More information can be found here. For our clients, we also offer various Privacy Tools, such as a handy checklist that can be used when assessing data processing agreements.

Privacy Awareness Sessions

We give training sessions, workshops and/or lectures within companies and at conferences. In the field of privacy, we do this with respect to, among other things, privacy in the workplace (focused on your organisation or team, e.g. customer service, HR), privacy & marketing (incl. portrait rights) and privacy in healthcare (professional secrecy, e-health). We can help you to familiarize your employees (e.g. annually) with the GDPR obligations in practice.

Want to know more?

Please contact one of our specialists via the contact details below or privacy@ploum.nl.

Ploum’s Data Privacy Practice has a very broad knowledge of all area’s within Data Privacy. And if a question is linked to employment law for example, they are quick to ensure these elements are included in their advice. This to ensure all legal angles are covered. Overall the practice has a clear understanding of what a company requires from them, not just legally correct advice but also very much usable in daily business life. – Legal 500 EMEA 2022 

Ask a question

Subscribe to our newsletter

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Create account

Get all your tailored information with a My Ploum account. Arranged within a minute.

I already have an account

Benefits of My Ploum

  • Follow what you find interesting
  • Get recommendations based on your interests
  • Subscribe quickly to knowledge events and Ploum Academy
  • Use question and answer options in articles

*This field is required

I already have an account

Benefits of My Ploum

Follow what you find interesting

Receive recommendations based on your interests

Quick registration for knowledge events and Ploum Academy

Post comments on articles


Why do we need your name?

We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.

Password

A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.