Privacy and data protection (AVG/GDPR)
Every organisation holds privacy-sensitive information and private data of customers, patients, prospects and employees. The General Data Protection Regulation (GDPR) sets requirements for how this data is handled. The Dutch version of GDPR is the AVG regulation (Algemene Verordening Gegevensbescherming). Meanwhile, the preparation of an e-privacy regulation is also in progress. It is not always clear to organisations how to apply the often vague and open standards in this legislation. In addition, there is a constant stream of new case law, decisions by the Private Data Authority and guidance from the European Data Protection Board. In addition, the interpretation of regulators tends to change frequently. The privacy and data protection attorneys of La Gro Geelkerken have thorough and up-to-date substantive knowledge in this area. They advise organisations how to deal with the applicable privacy legislation in a responsible and practical manner.
The attorneys in the privacy and data protection team have extensive experience in privacy law and know the playing field. They translate the standards from laws and regulations, such as the AVG, into concrete actions and legal documents to ensure you can apply them in a targeted manner. We are used to moving quickly, for example in enforcement actions and the assessment of a data breach that must be reported within 72 hours. Of course, we assist organisations and private individuals in litigation over privacy issues. We like to invest in sustainable, long-term partnerships and act as an indispensable sparring partner for various organisations.
Here’s what we can do for you
The government is one of the largest processors of private data. Citizens should be able to trust that government organisations handle their data with great care. At the same time, the government must be able to continue to function. The AVG has added a number of new data processing obligations to the government’s remit. We help implement and apply the AVG and assist in preparing protocols, policies and other documentation. In addition, we answer questions such as: how is private data protected within the social domain and youth assistance? Can governmental bodies share data with each other or with private organisations? In what way should a data access request be fulfilled?
Did you send an email with private data to the wrong address? Has your employee lost their company phone? You may be required to report this as a data breach to the Private Data Authority. A security incident can have major consequences. It has recently become a regular occurrence for entire IT systems to be held hostage. Potentially, your entire organisation could also come to a standstill. We respond quickly when you are faced with such issues and advise on the choices to be made and the measures to be taken.
Of course, prevention is better than the cure. That is why we are happy to advise you on preventive measures to avoid your organisation from ending up in such a situation as much as possible.
Processing private data for marketing purposes is a hot topic at the moment. For example, is this permissible on the basis of ‘legitimate interest’? When is consent needed? If consent is required, the AVG has stricter requirements for this than previous legislation. Another item frequently in the media is storage of private data. May data still be shared outside of Europe and stored with a US Cloud Service Provider? If yes, what requirements would apply?
Our attorneys have extensive experience with processing private data for marketing purposes. They will be happy to advise you on the right approach, including for innovative applications and in an online context.
Healthcare data is extremely sensitive private data and its processing is subject to additional strict requirements. The regulator closely monitors the sector and has already imposed a fair number of fines on hospitals and other parties in the medical sector. As a healthcare provider, it is essential to have your compliance in order.
Technical innovations and ICT projects
Healthcare is an innovative sector where new technologies are constantly being developed, such as medical apps and electronic health records. This leads to a variety of legal issues in the areas of data protection and privacy. We have broad experience with the legal issues surrounding technology and will help you make well-considered choices for your IT projects and technological innovations. If necessary, we will work together in multidisciplinary teams with specialists in other areas of the law.
The AVG attorneys at La Gro Geelkerken guide companies and other organisations through the implementation of the AVG, by providing training, workshops, quick scans and inventories. In addition, our AVG attorneys draft necessary documents, such as protocols relating to mandatory disclosure concerning data breaches, (privacy) policy documents, processing registers and data protection impact assessments.
We also advise on the application of the AVG, for example in the introduction of new services and products and the drafting of privacy statements. Compliance checks and due diligence in the area of private data;
Assisting companies in audits and enforcement processes by the Dutch Private Data Authority; If necessary, we conduct civil and administrative proceedings in which privacy and private data play a role, including with the Dutch Private Data Authority.