Welcome to Penrose Privacy and Information Security
Penrose specialises in information law, privacy and information security under Dutch law. We advise and assist international IT providers, IT developers, procurement and investors in the context of processing personal data, information security and data protection under the laws of the Netherlands and Europe. Hereafter, we discuss some of the privacy related topics that we encounter on a daily basis.
Others also searched for:
General Data Protection Regulation (GDPR)
If your company or organisation collects, stores, transfers or otherwise processes personal data such as names and email addresses of European citizens, you fall within the scope of the GDPR (General Data Protection Regulation). This means that organisations based in the United States of America that (also) target users or consumers in Europe, are also covered by the GDPR.
More information on how to comply with the GDPR is available here.
Data Processing Agreement
If your organisation engages a third party to process personal data on your behalf, the GDPR requires that arrangements in this respect are made in writing: the so-called ‘processing agreement’. This is required, for example, when an organisation outsources its payroll administration or IT facilities.
The data processing agreement sets out how the third party (the ‘processor’) should process and protect the personal data of the organisation (the ‘controller’).
More information about data processing agreements is available here.
Technical and organisational security measures
Every controller is obliged to take ‘adequate technical and organisational measures’ to protect the personal data against loss, theft, unauthorised access and misuse (i.e. data breaches).
The GDPR does not specifically prescribe the technical and organisational measures. It only indicates that the nature, scope and purpose of the processing as well as the privacy risks in proportion to the state of the art of the technology and the implementation costs should be considered. For example, a higher level of security measures is expected for the processing of special personal data of minors, than for the processing of a file containing only ten names and email addresses.
Dutch privacy and security specialist
At Penrose, our privacy lawyers specialised in data protection and IT security are happy to work with you and answer any questions you may have. Contact details are available here.