With the introduction of the General Data Protection Regulation (GDPR), privacy law is here to stay. The GDPR is about personal data. Personal data are any data that can be traced directly or indirectly to a natural person.
 

The GDPR imposes obligations on organisations accessing, storing, retaining, transferring, and using personal data in other ways. These rules apply to almost all organisations and authorities.
 

Duty of disclosure
Your organisation uses personal data, including from your customers, employees and suppliers. The law requires you to actively inform these individuals about the use of their personal data. We advise you on how to do that.

We review or draft data processing agreements and privacy policies. We help with and advise on data breaches. And we advise on your internal privacy policies, retention periods, camera surveillance, conduct DPIAs, and much more.
 

The importance of compliance
Organisations can face hefty fines for failing to fully or adequately comply with privacy laws. Failure to comply with the GDPR could also reflect poorly on your organisation. This can lead to reputational damage. To prevent this from happening to our clients, we help them to make their organisations GDPR-compliant. We have developed a 12-step plan and models for this purpose. And we provide in-house privacy awareness training. Our 12-step privacy plan is free and available on request.
 

Data protection officer (DPO)
Your organisation needs to appoint a DPO in certain cases. We advise on this and also provide DPO services. Hylke Klasens is available for this on an as-needed basis. As this is often not a full-time position, it may be sufficient for a DPO to work one hour a month in your organisation.