Penrose advocatenkantoor in Amsterdam
Penrose header informatierecht afbeelding

Privacy and information security

  /    /  Privacy and information security

Welcome to Penrose Privacy and Information Security

Penrose specialises in information law, privacy and information security under Dutch law. We advise and assist international IT providers, IT developers, procurement and investors in the context of processing personal data, information security and data protection under the laws of the Netherlands and Europe. Hereafter, we discuss some of the privacy related topics that we encounter on a daily basis.

Others also searched for:

If your company or organisation collects, stores, transfers or otherwise processes personal data such as names and email addresses of European citizens, you fall within the scope of the GDPR (General Data Protection Regulation). This means that organisations based in the United States of America that (also) target users or consumers in Europe, are also covered by the GDPR.

More information on how to comply with the GDPR is available here.

If your organisation engages a third party to process personal data on your behalf, the GDPR requires that arrangements in this respect are made in writing: the so-called ‘processing agreement’. This is required, for example, when an organisation outsources its payroll administration or IT facilities.

The data processing agreement sets out how the third party (the ‘processor’) should process and protect the personal data of the organisation (the ‘controller’).

More information about data processing agreements is available here.

Every controller is obliged to take ‘adequate technical and organisational measures’ to protect the personal data against loss, theft, unauthorised access and misuse (i.e. data breaches).

The GDPR does not specifically prescribe the technical and organisational measures. It only indicates that the nature, scope and purpose of the processing as well as the privacy risks in proportion to the state of the art of the technology and the implementation costs should be considered. For example, a higher level of security measures is expected for the processing of special personal data of minors, than for the processing of a file containing only ten names and email addresses.

At Penrose, our privacy lawyers specialised in data protection and IT security are happy to work with you and answer any questions you may have. Contact details are available here.

Our IT
Chantal Bakermans portret
Attorney at law, Partner
profilepicture Lukas Witsenburg round
Attorney at law, Partner

Information Technology