Marielle Stroes
Lawyer
Every business processes personal data and, therefore, deals with privacy and data protection. The importance of privacy law and data protection has significantly increased in recent years. On the one hand, this is due to rapid technological developments, and on the other, to ever-expanding regulations. Privacy and data protection are topics that many businesses struggle with, as it is often unclear what is permitted and what is not. The consequences of breaches of privacy law can be significant. The specialized attorneys at Thuis Partners are ready to provide you with advice and assistance on all aspects of data protection law.
Since May 25, 2018, there has been a single privacy law across all of Europe: the General Data Protection Regulation (GDPR). This European Regulation has direct applicability in member states and allows very limited scope for national deviations. In the Netherlands, the GDPR replaced the Dutch Personal Data Protection Act (Wbp), which was widely regarded as unclear. Unfortunately, the GDPR has not brought more clarity. The GDPR contains many provisions with open norms, making it often susceptible to multiple interpretations. This was intentionally designed by the European legislator to accommodate future technological developments. However, the consequence is that it is not a simple task to apply the GDPR correctly.
The GDPR imposes many obligations on businesses, including the requirement to develop a privacy policy within your organization, create a privacy statement, maintain a record of processing activities, and enter into data processing agreements with suppliers who process personal data on your behalf. If you intend to use new technologies, such as a specific app or a portal where personal data is processed, it may be mandatory to conduct a Data Protection Impact Assessment (DPIA). Additionally, you are required to implement appropriate technical and organizational measures to secure personal data. Our privacy and data protection attorneys can advise, assist, and guide you in all of these areas.
Despite efforts to prevent them, data breaches can still occur. Depending on the severity of the breach, it must be reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) and/or the affected individuals. It is crucial to act appropriately in the event of a data breach and to adhere to the timeframes specified by the GDPR. This helps prevent unnecessary damage and potential sanctions.
The Dutch Data Protection Authority (AP) is the regulatory body responsible for overseeing compliance with privacy laws and regulations in the Netherlands. The AP has extensive powers to impose fines, which can amount to millions of euros or a significant percentage of an organization’s annual revenue. In recent years, the AP has shown that it actively uses this authority. Several hospitals, businesses, and public institutions have been fined (heavily) for non-compliance with privacy regulations. Our firm has experience with investigations conducted by the AP and legal procedures related to fines imposed by the AP.
In addition to the GDPR, there is a range of other legislation related to privacy and data protection. Specifically, for sectors that handle sensitive personal data, such as healthcare, there are additional, sector-specific regulations. Our attorneys have up-to-date knowledge of privacy laws relevant to your industry or sector.