'Privacy affects everyone'

The entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018 and
the forthcoming ePrivacy Regulation has made privacy law a priority for all companies,
organisations and government bodies.

The GDPR concerns personal data and how organisations should handle it. Personal data is
any data which can be directly or indirectly traced to a natural person. It therefore means a
lot more than just saving a name or email address.

New requirements
The GDPR imposes (new) obligations on organisations which, for example, access, save,
keep and use personal data. These rules apply to (almost) all organisations and government
bodies. For example, has your organisation:

  • set up a processing register?
  • amended the privacy statement on its website?
  • concluded data processing agreements?
  • put in place procedures and a register for use in the event of data breaches?
  • amended its internal privacy policy and staff handbook?

The importance of compliance
Serious penalties can be imposed on organisations if they do not comply (sufficiently) with
privacy legislation. Failure to comply with the GDPR can harm your organisation's image and
that can lead to reputational damage. We help our clients to make their organisations GDPRcompliant
to avoid this happening to them. To do that we have drawn up a 12-step plan and
created models. We also give in-house privacy awareness training courses. Our Privacy 12-
Step Plan is free of charge and we will send it to you on request.

Obligation to inform
Your organisation uses personal data on, for example, your clients, employees and
suppliers. One obligation imposed by the law is that you actively inform these people about
how their personal data is used. For example, information must be provided about the
purpose for which the personal data is used and the grounds for using it, as well as about the
period that the personal data is kept. This information must also be recorded in a so-called
processing register.

One way of informing your employees is to include information in the staff handbook. You are
also expected to keep your employees 'privacy-aware' by training them.

External parties are usually informed via a privacy statement on the website. We can help
you draw up or amend the text of the staff handbook and the privacy statement and provide
interactive training to employees so that you fulfil your obligation to inform.

Data Protection Officer (DPO)
In certain cases, it will be necessary for your organisation to appoint a DPO. We can advise
you on this and also provide DPO services. Hylke Klasens is available for this on an interim
basis. Often it is not a full-time job and therefore it may only take one hour a month for a
DPO to do the necessary work.

Who is your lawyer?
Would you like to find out more about privacy law? If so, please contact: Ruby Nefkens or
Hylke Klasens.


Would you like to contact us?

  +31 (0)20 607 79 79