Data Protection & Privacy

Law Firm in the Netherlands specialised in Data Protection & Privacy

Back to TMC - Technology, Media & Communications

The Cybersecurity & Privacy Team of CMS Netherlands has a long standing practical experience of advising Dutch and international clients on cybersecurity and data protection matters across a wide range of industries. Our approach combines thorough legal specialisation with expertise in sector and application-specific requirements and concepts that has been gained through our work.

Cybersecurity

Hand-in hand with fast-paced technological change and market disruption come concerns about cyber incident matters, such as business e-mail compromise, CEO fraud and ransomware attacks. We help organizations to determine effective legal strategies in cyber risk management. We believe cyber risk to be a holistic issue, which cannot be resolved by merely looking through the eyes of a lawyer. Our specialists are used to closely cooperate in multidisciplinary teams at any level within your organization, including IT, HR, legal & compliance, PR and the board. Our daily operations also include close collaborations with external IT (forensic) specialists and crisis communications experts.

Our expertise includes:

  • Providing 24/7 cyber incident legal response services
  • Drafting and negotiating information security agreements
  • Cyber loss related litigation
  • Representing clients in breach notification procedures and investigations
  • Multistakeholder incident management (board, legal & compliance, public relations.

Data Protection & Privacy

We provide support and advice on structuring business models in compliance with data protection regulations (privacy by design), enabling such models to be implemented in an environment where privacy and personal rights are becoming increasingly sensitive issues. Close international co-operation within the CMS Data Protection Group enables us to deal with issues at any European level.

Our expertise includes:

  • Data protection-compliant structuring of business models and all internal/external processes which involve personal data of customers, employees or third parties.
  • Advising on the exchange or export of personal data.
  • Data protection issues in bringing IT or business processes to the cloud or in providing cloud services for customers.
  • Drafting processor agreements and BCR
  • Designing privacy policies and data protection strategies at group, corporate, departmental or process level, including works council and collective employment law aspects.
  • Advice on (technical) aspects of system data protection and on related legal issues in connection with the acquisition, creation, use and analysis of information / big data.
  • Dealing with and representation before Data Protection Authority and other public bodies.

We have gained experience in coaching the legal side of data protection projects and issues for clients in many different industries, such as the financial services, health care & life sciences, IT and telecoms, consumer goods, real estate (investment management) and hotels & leisure industries.

"The CMS Data privacy and data protection practice offers a high level of support that can handle anything from the most basic tasks to supporting with a data breach in less than 2 hours’ notice."

The Legal 500 EMEA, 2023

"The team consists of highly qualified people with thorough knowledge of data privacy and protection."

The Legal 500 EMEA, 2023

"The team is right there the moment you need them. The advice given is carefully formulated and explained in a manner that makes you feel confident that all relevant aspects are considered."

The Legal 500 EMEA, 2023

"Excellent business acumen and knowledgeable people. Focused on good collaboration during complex cases, excellent listeners and filtering out the essence quickly."

The Legal 500 EMEA, 2022

"Willing to achieve the utmost, deliver high standards."

The Legal 500 EMEA, 2022

‘Very pragmatic approach to privacy issues around the globe.’

Legal500 EMEA, 2021
Subscribe to Technology, Media & Communications (TMC) topics
Stay up-to-date with our client services.
21/05/2023
GDPR Enforcement Tracker Report
A warm welcome... ... to the fourth edition of the GDPR Enforcement Tracker Report – the anniversary edition celebrating five years of GDPR. In the five years since the GDPR became applicable its powerful framework for imposing fines has certainly helped to raise awareness and encourage compliance efforts – just as the European legislator intended. At the same time, the risk of fines of up to EUR 20 million or 4% of a company’s global annual turnover can also lead to fear and reluctance or ignorance about compliance issues. We still believe that facts are better than fear. This is why we continuously update our list of publicly known fines in the GDPR  Enforcement Tracker and started the GDPR Enforcement Tracker Report as an annual deep dive approach to provide you with more insights into the world of GDPR fines. As in the three previous editions, the GDPR Enforcement Tracker Report starts with the Executive Summary (also available as a PDF version), followed by the “Numbers and Figures” section and the “Enforcement Insights per business sector” (also including the overarching employment category. The “Enforcement Insights per country” provide background on the specific enforcement framework under national law. Some remarks on our methodology can be found at the very end of the report.
09/09/2021
The Changing Face of Cyber Claims
A cyber insurance loss study in Continental Europe

Feed

12/09/2023
CMS European Class Actions Report 2023
Data-driven insights into class action risk across Europe, a key concern for major corporates
13/09/2022
Open secrets? Guarding value in the intangible economy
Some leaks can’t be fixed “Confidential information is like an ice cube... give it to the party who has no refrigerator or will not agree to keep it in one, and by the time of the trial you have just a pool of water.” This, from the so-called Spycatcher case (1987), applies well to corporate assets: fail to store them correctly and all you might have left is an expensive mess. The consequences of even a minor exposure of a trade secret can be huge. As this report reveals, the protection of trade secrets is rightly recognised by most senior executives as a priority issue. But the research also reveals gaps that leave companies unnecessarily exposed to risks. The top named threats – cybersecurity attacks and employee leaks – resonate with what we see impacting our clients. Increased home and remote working is straining security measures and employee loyalty. Added to this, an ‘innovate or die’ attitude in highly-com­pet­it­ive sectors can motivate new joiners to arrive with questionable material from their previous employer, or worse: outright theft between competitors. But while it is easy to focus on the lurking threats from weakened cyber security and disgruntled employees – and they are important – there are more routine actions a company can take to safeguard its secrets than just updating its IT systems or the employee handbook. Commonly, those who most need our help already have a trade secrets policy but have not properly implemented it in relation to the secret in question. Or the policy has not been updated to reflect the intangible assets the business now owns. Or protection was taken for granted. With trade secrets – which for many businesses are strategically more important than a public patent portfolio – it is always costlier and messier to find solutions after a theft or a leak. Identifying the trade secrets and the threats posed to them, combined with rigorous internal processes and well-drafted contracts, can help prevent such problems from happening. Harder, but just as necessary, is engaging hearts and minds in corporate culture, to know why trade secrets are important, why we are all are responsible for protecting them, and what may happen if we do not (to both the company and the individual). In our experience, the businesses with the strongest defences have not only thought strategically about their intangible assets and how best to protect them but are also prepared for the worst. The trick to avoiding an asset becoming a crisis is to be wise before the event.
07/07/2022
CMS European Class Actions Report 2022
Data driven insights into  class action risk across Europe, a key concern for major corporates
28/06/2022
Artificial intelligence will bring an increased risk of disputes
Almost seven in ten (69%) corporate counsel and risk managers say that their organisation will make greater use of new technologies such as artificial intelligence (AI) over the coming years. This is...
01/06/2022
GDPR fines exceed EUR 1.5 billion in Europe
The total amount of published fines in Europe in 2021 for non-compliance with the General Data Protection Regulation (GDPR) has risen to EUR 1.581 billion since the implementation of the GDPR in 2018...
01/06/2022
CMS Next
What’s next? In a world of ever-ac­cel­er­at­ing change, staying ahead of the curve and knowing what’s next for your business or sector is essential. At CMS, we see ourselves not only as your legal advisers but also as your business partners. We work together with you to not only resolve current issues but to anticipate future challenges and innovate to meet them. With our latest publication, CMS Next, our experts will regularly offer you insights into and fresh perspectives on a range of issues that businesses have to deal with – from ESG agendas to restructuring after the pandemic or facing the digital transformation. We will also share with you more about the work that we are doing for our clients, helping them innovate, grow and mitigate risk. To be able to provide you with the best support, we immerse ourselves in your world to understand your legal needs and challenges. However, it is equally important that you know who we are and how we can work with you. So, we invite you to meet our experts and catch a glimpse of what is happening inside CMS. Enjoy reading this publication, which we will update regularly with new content. CMS Executive Team
09/09/2021
The Changing Face of Cyber Claims
A cyber insurance loss study in Continental Europe
16/06/2021
CMS European Class Actions Report 2021
First report on the true picture of European class action risk, a key concern for major corporates 
22/10/2020
CMS launches data breach app
CMS launches its Breach Assistant app, a technology platform that gives businesses affected by a potential data breach or other cyber incident a headstart during the first critical hours. CMS has developed...
14/07/2020
The Changing Face of Cyber Claims
At the invitation of global experts in insurance broking and risk management, Marsh, and IT consultants, Wavestone, CMS has contributed to The Changing Face of Cyber Claims study which looks at practical...
11/05/2020
AI in Life Sciences
Artificial intelligence is not new: the term itself was coined over 60 years ago. However, the convergence of data volume, processing power and technical capability has convinced many that the AI era...
04/05/2020
5 misconceptions about the GDPR data breach notification
In 2019, the Dutch Data Protection Authority (DDPA) received 26.956 data breach notifications. The majority of these breaches were notified by organisations active in health sector (mostly hospitals...