Privacy Law

Why Choose a Lawyer specialized in Privacy Law?

Since May 25 2018, the General Data Protection Regulation (GDPR) has been in effect. The GDPR has increased the responsibilities of organizations to safeguard citizens' privacy. Organizations are accountable for complying with the obligations set out in the GDPR and must be able to demonstrate this compliance. In addition to the GDPR, the provisions of the General Data Protection (Implementation) Act (GDPR Implementation Act) and sector-specific legislation are also relevant. Specific standards may apply depending on the industry. For example, consider the regulations regarding electronic data exchange in healthcare.

On this page, you can learn what a lawyer specialized in privacy law from Yspeert can do for your organization.

Our Lawyers specialized in Privacy Law and Legal Advisors Work for the Following Clients:

Healthcare Institutions
As healthcare institutions process sensitive personal data of patients/clients, it is essential that such data is handled with care. Healthcare institutions frequently exchange personal data with other healthcare providers or with their clients. Various (sector-specific) laws regulate this data exchange. A privacy law attorney or legal expert from Yspeert can support your organization in complying with the GDPR and sector-specific laws, such as the Dutch Medical Treatment Agreement Act (Wet op de geneeskundige behandelingsovereenkomst) and the Dutch Supplementary Provisions for the Processing of Personal Data in Healthcare Act (Wet aanvullende bepalingen verwerking persoonsgegeveens in de zorg). Additionally, a lawyer specialized in privacy law can assess whether your healthcare institution must comply with the NEN standards relevant to the healthcare sector.

Government Bodies
Since citizens are, in most cases, required to provide personal data to the government, government bodies serve as an example when it comes to compliance with privacy regulations. Due to an increasing number of collaborations and chain partners, data is being exchanged more frequently. A lawyer specialized in privacy law or legal advisor from Yspeert can assist your organization (such as a municipality or province) in maintaining oversight and ensuring demonstrable compliance with GDPR obligations.

Businesses
Every business processes personal data, whether this is a core activity or merely a byproduct of its services. In both cases, it is crucial to protect customer data effectively. It is also important to handle employee personal data with care. A lawyer specialized in privacy law or legal advisor from Yspeert can help your business map out data processing activities (per department) and align your organization with the GDPR.

Schools and Educational Institutions
Schools and educational institutions store students' personal data in student records. As these records include information on students' development and academic performance, they contain sensitive personal data. A lawyer specialized in privacy law or legal advisor from Yspeert can assist your educational institution in handling student data with care. Additionally, our lawyers specialized in privacy law can review or draft agreements that you enter into with chain partners regarding the exchange of personal data.

Housing Corporations
Housing corporations process large volumes of personal data of their tenants. This includes not only name and address details but also sensitive information such as income statements and bank account numbers. Housing corporations frequently deal with tenants (data subjects) who wish to exercise their privacy rights, such as requesting access to their personal data. A lawyer specialized in privacy law or legal advisor from Yspeert can assist your housing corporation in assessing and handling these requests.

Our Lawyers specialized in Privacy Law and Legal Advisors Can Provide the Following Services:

• Conducting a GDPR Quick Scan;
• Legal representation in judicial proceedings, including enforcement actions by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens);
• Drafting and reviewing data processing agreements and joint controller agreements;
• Drafting and reviewing privacy and cookie statements;
• Drafting and reviewing a record of processing activities, as well as mapping out various data processing activities for your organization;
• Drafting and reviewing internal privacy policies. Our lawyers specialized in privacy law can also advise on the implementation of your privacy policy;
• Conducting a Data Protection Impact Assessment (DPIA) and assessing whether a DPIA is required;
• Advising on the secure transfer of data to third countries outside the EU, including conducting a Data Transfer Impact Assessment (DTIA);
• Assessing and handling data breaches, as well as drafting a data breach procedure and data breach register;
• Assessing and processing requests for access, erasure, and rectification of personal data;
• Acting as a (temporary) in-house Privacy Officer;
• Serving as an external Data Protection Officer (DPO);
• Providing lectures and workshops, for example, to raise awareness among employees.