GDPR
The General Data Protection Regulation (GDPR) replaces the national data protection laws in all EU countries.
In the Netherlands, it replaced the Wet Bescherming Persoonsgegevens (WBP).
GDPR specifies how personal data is to be used and protected and applies not only to EU organizations, but also to non-EU companies, for example when they process personal data in the context of selling goods and services to citizens in the EU.
Within these companies, GDPR has impact on all processes from marketing and sales to customer service, finance and administration.
Non-compliance can result in penalties of up to 20 million Euros or 4% of global revenue.
These measures are intended to hold companies accountable within the growing data economy and strengthen an individual’s control over their personal information and privacy.
As a result, companies have to
1. allow data subjects to access their personal information
2. designate a data protection officer (DPO) dedicated to the protection of personal data in case of activities with a high privacy risk
3. report data breaches within 72 hours to the supervisory authority as well as the data subject
GDPR compliance is not a one-time activity, but a continuous process. Organisations need to embed privacy and data protection into their culture.
This requires fundamental changes to a company’s infrastructure to ensure data is not stored longer than necessary and is destroyed or anonymised in a timely fashion.
KVdL’s Privacy team is highly specialized in this field and supports companies on their way to compliance.
Market recognition
The Legal 500 EMEA 2020 - Data Privacy and Data Protection - Tier 1
The Kennedy Van der Laan team is noted for combining its legal expertise with a thorough understanding of the technologies involved. The practice assists clients with all the various uses of commercial data, including big data, and advises on contractual and regulatory matters as well as investigations and enforcement cases. Its broad client roster includes those in the financial, healthcare and transport and logistics sectors. Hester de Vries, who has a background at the Dutch Data Protection Authority, is highly recommended and Quirine Tjeenk Willink is considered 'best in class' for complicated cases.
Testimonials
‘The privacy team combines first-class legal knowledge with an in-depth understanding of technologies.’
‘Best in class is without any doubt is Quirine Tjeenk Willink. She’s the must-see counsel for top-notch, hands-on advice in complicated matters.’
Chambers Europe 2020 - TMT: Data Protection
What the team is known for
Advises on a variety of data protection mandates, spanning from compliance mandates to investigation proceedings involving sensitive personal data.
Notable practitioners
Hester de Vries is a distinguished practitioner with extensive experience in data protection matters, spanning from compliance and regulatory aspects of intra-group data exchanges, to investigations related to access to sensitive personal data.