I assist clients in data protection matters, nationwide.
Part of my advisory activity are the drafting of instruction and information papers, data protection audits, technical and organizational measures, external data processing service, communication with supervisory authority and prevention penalties and fines.
When the GDPR entered into force in 2018, data protection law has reached a new dimension. The provision of the GDPR aimed to protect personal data as well as to enable data traffic in the European Union. As of the effective date, the stipulation of the GDRP have brought to entrepreneurs many insecurities on how to implement the GDPR.
As a consequence, websites were shut down, the end of the photography was proclaimed, and the authorities were bombarded with questions on the application.
Get access to :
- GDRP compliant privacy declaration
- For online shops
- Commercial websites
- Commercial Facebook pages (i.e. for influencers)
- Commercial Instagram pages (i.e. for influencers)
- Information papers
- For patients
- Data secrecy provisions
- Data processing activities
- Data protection concepts.
In order to provide you with an overview on the GDRP, please read the following F.A.Q.
To whom applies the GDRP?
There’s no exception from the scope of the GDRP for small businesses or non-profit organizations. The GDRP is applicable for million-euro businesses as well as for one-man companies.
The GDRP is applicable to the (partially) automated processing of personal data.
What is personal data?
Personal data is information relating to an identified or identifiable individual directly or indirectly identifiable by reference to an identifier.
Of what consists the processing directory?
In general the following components are tob e included:
Name and contact information of the person responsible for data processing
Purpose of processing
Description of different categories of data subjects and categories of personal data
categories of recipients including those in third countries
What principles apply to the processing of personal data?
The following principles are applicable:
Generally, a so-called prohibition with permission reservation needs to be observed- Personal data can only be collected, stored and processed if an express consent has been obtained or if the data controller can base his processing on a legal basis.
Processed data needs to be correct and up to date.
Purpose limitation: The purpose of the processing needs to be determined before processing data.
What is contract data processing?
In this case data is processed on the basis of a contract. The processor is bound by instructions the contracting party.
Who needs a data protection officer?
The fact alone, that personal data is processed doesn’t necessarily mean that a data protection officer needs to be appointed. In fact, special circumstances need to be present, such as the number of employees or the processing of special categories of data.
What sanctions can be imposed?
Violations of the stipulations of the GDPR may have all sorts of sanctions. Fines, damages and compensations may have to be paid.
What is the purpose of the data protection authorities?
The data protection authority is for example able to impose fines, to advise on data protection matters and answer data related questions.