Privacy law

This is how we can help you

Our Team

Since its establishment in 1995, our firm has an established name in the field of IT and privacy law. We keep track of all relevant developments and will be happy to provide you with a concrete and appropriate advice.

Apart from the GDPR, other rules and frameworks are also important, such as national implementation laws (in the Netherlands: UAVG), the Dutch Telecommunications Act and laws and several legislation and guidelines in the field of healthcare, IT law, intellectual property law or employment law. Ploum has a relatively large privacy team that deals with privacy law on a daily basis, whereby each lawyer has his or her own (additional) specialisation. For example, we have specific knowledge of privacy in the healthcare sector and in the workplace. We all have a passion for the IT and privacy practice and combine this with our specific expertise. Where necessary, we also consult with our colleagues from the corporate law section and/or the bankruptcy law section. Because we have all this expertise in-house, we can switch quickly and provide you with sound - and pragmatic - advice. 

Most of our more senior attorneys have completed a Grotius specialisation course and we are members of various relevant specialisation associations. These include: VIRA (Association for Information Technology Lawyers), NVvIR (the Dutch Association for Information Technology and Law), VPR (Privacy Law Association), IAPP (International Association of Privacy Professionals) and LES Benelux (Licensing Executives Society Benelux). Ploum is co-author of Global Privacy Book.

Strong team. Their service level is just excellent and everything is handled in a user-friendly way. They are a pleasure to work with. The team is really focused on the needs of clients. – Legal 500 EMEA 2022

All individuals are always easy to be reached and quick to react and answer any question you might have. They are very much aware of what is needed in company life, so not too focused on the academic side of things but also ensure a good amount of practicality. – Legal 500 EMEA 2022

Our assistance

Our privacy team will be happy to assist you with the following:

• Drafting and reviewing agreements, other (required) documents and registers (compliance projects)
  data processing agreement, privacy statement, data breach protocol, data processing register, register of incidents, data retention policy, international data exchange (e.g. SCCs), (intercompany) data transfer agreement
• Advising on a wide range of privacy issues (including themes such as marketing, food, cybersecurity, energy, e-commerce and (health)care)
  cookies, marketing/advertising, opt-in, use of photos in advertisements, consumer data, online sales, employee tracking systems, WiFi tracking, hacks, cyber-attacks, security incidents, access control, staff alcohol and drug testing, camera surveillance, processing of health data, identity documents and citizen service numbers (in Dutch: BSN), e-health and scientific research
• Performing Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (worldwide)
• Assessing obligations in the implementation of data subject rights (e.g. the right of access to or deletion of data) or setting up a related policy (SOP)
• Advising on personal data in case of bankruptcy or acquisition (M&A);
• Assisting in case of data breaches (e.g. notification obligations), disputes/proceedings (claims for damages or claims for access to or deletion of data) or investigations by authorities (such as the Dutch DPA).

We assist in proceedings in court as well as in arbitrations and investigations and/or sanctions imposed by authorities (e.g. the Dutch Data Protection Authority). We also have extensive experience in coordinating projects in various jurisdictions worldwide. This enables us, for example, to advise you on how to be 'compliant' with your web shop throughout Europe. We offer assistance in various other manners as well, such as by way of our Privacy Helpdesk, Privacy Tools and Privacy Knowledge Sessions (please see below).

Track Record

• Drafting (group) agreements for the (worldwide) exchange of personal data
• Assisting pharmaceutical companies in tightening up privacy policies and related documents (GDPR compliance), in conjunction with sector-specific legislation (e.g. drug distribution)
• Adjusting the privacy policy of a large organisation in the arts and culture sector
• Advising on direct marketing and the use of consumer data (opt-in vs opt-out)

Compliance projects

Do you want to be sure that your organisation complies with the basic principles of the GDPR? We have developed handy tools to examine this in a structured manner. Subsequently, we help to draft, negotiate and/or update all documents and contracts, perform DPIAs where necessary and, if desired, we also provide training to your employees for the implementation of policies. 

Privacy Tools and Privacy Helpdesk

With the Privacy Helpdesk, we provide short lines of advice, at a fixed/reduced rate, for (in particular) your Data Protection Officer (DPO) or (other) privacy officer. Our team will be pleased to provide you with fast and concrete advice that you can put into practice. With our Ploum Privacy Helpdesk, we do this immediately by telephone where possible. More information can be found here. For our clients, we also offer various Privacy Tools, such as a handy checklist that can be used when assessing data processing agreements.

Privacy Awareness Sessions

We give training sessions, workshops and/or lectures within companies and at conferences. In the field of privacy, we do this with respect to, among other things, privacy in the workplace (focused on your organisation or team, e.g. customer service, HR), privacy & marketing (incl. portrait rights) and privacy in healthcare (professional secrecy, e-health). We can help you to familiarize your employees (e.g. annually) with the GDPR obligations in practice.

Want to know more?

Please contact one of our specialists via the contact details below or privacy@ploum.nl.

Ploum’s Data Privacy Practice has a very broad knowledge of all area’s within Data Privacy. And if a question is linked to employment law for example, they are quick to ensure these elements are included in their advice. This to ensure all legal angles are covered. Overall the practice has a clear understanding of what a company requires from them, not just legally correct advice but also very much usable in daily business life. – Legal 500 EMEA 2022