Welcome to Penrose Privacy Law
Penrose advises and assists companies and institutions in the field of personal data and data protection pursuant to Dutch law and European legislation. We draft all relevant privacy-related agreements and statements. Penrose also represents companies and institutions facing privacy audits and privacy compliance procedures. In the event of a data breach, we can provide immediate assistance with the actions that need to be taken as well as address the matter of who can potentially be held liable for the data breach. Some of the privacy-related issues that we encounter on a daily basis are outlined below.
Privacy law and Compliance
The development of new technologies and data applications is never-ending. Increasingly strict laws and regulations governing the use of personal data present a challenge but also an opportunity to distinguish yourself as an organization.
What is personal data according to Dutch law? This is usually self-evident. But is a domain name personal data? Or an IP number?
The arrival of the new privacy legislation (the GDPR, General Data Protection Regulation), means that the use of personal data in the Netherlands is subject to stricter rules and the supervision of compliance by the Dutch Data Protection Authority has been extended.
In essence, this is about the processing of personal data being lawful, legitimate and transparent. In this context, the controller of the data has a number of obligations in the Netherlands, such as:
- safeguarding the privacy by design principle;
- implementing appropriate technical and organisational measures to ensure the security of personal data;
- having the correct privacy documentation in order (e.g. processor agreements and privacy statements).
Privacy statements, data processing agreements and cookies
Personal Data breaches
A data breach is a breach of information security that results in unauthorised access to personal data. The breach may be intentional and unlawful, for example by hacking, phishing or other forms of cybercrime. However, the breach can also happen accidentally, e.g. by sending personal data to the wrong recipient or losing a laptop or USB stick containing personal data.
Companies and organisations are in certain cases obliged to report the data breach to the Dutch Privacy Authority and in some cases also to the data subject whose personal data is involved.
If the data leak is caused by or at the processor, clear agreements regarding timely notification and cooperation are important to be able to comply with the GDPR in the Netherlands. In addition, the question of liability for any damages (or consequential damages) may also be relevant.
Privacy aspects in mergers and acquisitions
In preparation for a takeover or merger (as part of due diligence) documents containing personal data, for example of employees or customers, are often shared. Both from the perspective of the seller and the potential buyer, it is important to pay attention to Dutch law privacy aspects.
Dutch Privacy law specialists
Penrose employs lawyers specialised in Privacy law who are pleased to assist you and answer your questions. We advise and assist companies and institutions with regard to personal data matters and data protection. The contact details of our Privacy specialist is given here.