Data Protection & Privacy

Back to TMC - Technology, Media & Communications

The Cybersecurity & Privacy Team of CMS Netherlands has a long standing practical experience of advising Dutch and international clients on cybersecurity and data protection matters across a wide range of industries. Our approach combines thorough legal specialisation with expertise in sector and application-specific requirements and concepts that has been gained through our work.

Cybersecurity

Hand-in hand with fast-paced technological change and market disruption come concerns about cyber incident matters, such as business e-mail compromise, CEO fraud and ransomware attacks. We help organizations to determine effective legal strategies in cyber risk management. We believe cyber risk to be a holistic issue, which cannot be resolved by merely looking through the eyes of a lawyer. Our specialists are used to closely cooperate in multidisciplinary teams at any level within your organization, including IT, HR, legal & compliance, PR and the board. Our daily operations also include close collaborations with external IT (forensic) specialists and crisis communications experts.

Our expertise includes:

  • Providing 24/7 cyber incident legal response services
  • Drafting and negotiating information security agreements
  • Cyber loss related litigation
  • Representing clients in breach notification procedures and investigations
  • Multistakeholder incident management (board, legal & compliance, public relations.

Data Protection & Privacy

We provide support and advice on structuring business models in compliance with data protection regulations (privacy by design), enabling such models to be implemented in an environment where privacy and personal rights are becoming increasingly sensitive issues. Close international co-operation within the CMS Data Protection Group enables us to deal with issues at any European level.

Our expertise includes:

  • Data protection-compliant structuring of business models and all internal/external processes which involve personal data of customers, employees or third parties.
  • Advising on the exchange or export of personal data.
  • Data protection issues in bringing IT or business processes to the cloud or in providing cloud services for customers.
  • Drafting processor agreements and BCR
  • Designing privacy policies and data protection strategies at group, corporate, departmental or process level, including works council and collective employment law aspects.
  • Advice on (technical) aspects of system data protection and on related legal issues in connection with the acquisition, creation, use and analysis of information / big data.
  • Dealing with and representation before Data Protection Authority and other public bodies.

We have gained experience in coaching the legal side of data protection projects and issues for clients in many different industries, such as the financial services, health care & life sciences, IT and telecoms, consumer goods, real estate (investment management) and hotels & leisure industries.

Excellent business acumen and knowledgeable people. Focused on good collaboration during complex cases, excellent listeners and filtering out the essence quickly.

The Legal500 EMEA, 2022

Willing to achieve the utmost, deliver high standards.

The Legal500 EMEA, 2022

‘Very pragmatic approach to privacy issues around the globe.’

Legal500 EMEA, 2021
09/09/2021
The Chan­ging Face of Cy­ber Claims
A cy­ber in­sur­ance loss study in Con­tin­ent­al Europe
GDPR
In­sight
Data Law Nav­ig­at­or
Use the Data Law Nav­ig­at­or for a quick look at data pro­tec­tion laws in...

Feed

13/09/2022
Open secrets? Guard­ing value in the in­tan­gible eco­nomy
Some leaks can’t be fixed “Con­fid­en­tial in­form­a­tion is like an ice cube... give it to the party who has no re­fri­ger­at­or or will not agree to keep it in one, and by the time of the tri­al you have just a pool of wa­ter.” This, from the so-called Spycatch­er case (1987), ap­plies well to cor­por­ate as­sets: fail to store them cor­rectly and all you might have left is an ex­pens­ive mess.The con­sequences of even a minor ex­pos­ure of a trade secret can be huge. As this re­port re­veals, the pro­tec­tion of trade secrets is rightly re­cog­nised by most seni­or ex­ec­ut­ives as a pri­or­ity is­sue. But the re­search also re­veals gaps that leave com­pan­ies un­ne­ces­sar­ily ex­posed to risks. The top named threats – cy­ber­se­cur­ity at­tacks and em­ploy­ee leaks – res­on­ate with what we see im­pact­ing our cli­ents. In­creased home and re­mote work­ing is strain­ing se­cur­ity meas­ures and em­ploy­ee loy­alty. Ad­ded to this, an ‘in­nov­ate or die’ at­ti­tude in highly-com­pet­it­ive sec­tors can mo­tiv­ate new join­ers to ar­rive with ques­tion­able ma­ter­i­al from their pre­vi­ous em­ploy­er, or worse: out­right theft between com­pet­it­ors. But while it is easy to fo­cus on the lurk­ing threats from weakened cy­ber se­cur­ity and dis­gruntled em­ploy­ees – and they are im­port­ant – there are more routine ac­tions a com­pany can take to safe­guard its secrets than just up­dat­ing its IT sys­tems or the em­ploy­ee hand­book. Com­monly, those who most need our help already have a trade secrets policy but have not prop­erly im­ple­men­ted it in re­la­tion to the secret in ques­tion. Or the policy has not been up­dated to re­flect the in­tan­gible as­sets the busi­ness now owns. Or pro­tec­tion was taken for gran­ted.With trade secrets – which for many busi­nesses are stra­tegic­ally more im­port­ant than a pub­lic pat­ent port­fo­lio – it is al­ways cost­li­er and messi­er to find solu­tions after a theft or a leak. Identi­fy­ing the trade secrets and the threats posed to them, com­bined with rig­or­ous in­tern­al pro­cesses and well-draf­ted con­tracts, can help pre­vent such prob­lems from hap­pen­ing. Harder, but just as ne­ces­sary, is en­ga­ging hearts and minds in cor­por­ate cul­ture, to know why trade secrets are im­port­ant, why we are all are re­spons­ible for pro­tect­ing them, and what may hap­pen if we do not (to both the com­pany and the in­di­vidu­al). In our ex­per­i­ence, the busi­nesses with the strongest de­fences have not only thought stra­tegic­ally about their in­tan­gible as­sets and how best to pro­tect them but are also pre­pared for the worst. The trick to avoid­ing an as­set be­com­ing a crisis is to be wise be­fore the event.
07/07/2022
CMS European Class Ac­tions Re­port 2022
Data driv­en in­sights in­to  class ac­tion risk across Europe, a key con­cern for ma­jor cor­por­ates
01/06/2022
GDPR fines ex­ceed EUR 1.5 bil­lion in Europe
The total amount of pub­lished fines in Europe in 2021 for non-com­pli­ance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) has ris­en to EUR 1.581 bil­lion since the im­ple­ment­a­tion of the GDPR in 2018...
01/06/2022
CMS Next
What’s next? In a world of ever-ac­cel­er­at­ing change, stay­ing ahead of the curve and know­ing what’s next for your busi­ness or sec­tor is es­sen­tial.At CMS, we see ourselves not only as your leg­al ad­visers but also as your busi­ness part­ners. We work to­geth­er with you to not only re­solve cur­rent is­sues but to an­ti­cip­ate fu­ture chal­lenges and in­nov­ate to meet them.With our latest pub­lic­a­tion, CMS Next, our ex­perts will reg­u­larly of­fer you in­sights in­to and fresh per­spect­ives on a range of is­sues that busi­nesses have to deal with – from ESG agen­das to re­struc­tur­ing after the pan­dem­ic or fa­cing the di­git­al trans­form­a­tion. We will also share with you more about the work that we are do­ing for our cli­ents, help­ing them in­nov­ate, grow and mit­ig­ate risk.To be able to provide you with the best sup­port, we im­merse ourselves in your world to un­der­stand your leg­al needs and chal­lenges. However, it is equally im­port­ant that you know who we are and how we can work with you. So, we in­vite you to meet our ex­perts and catch a glimpse of what is hap­pen­ing in­side CMS.En­joy read­ing this pub­lic­a­tion, which we will up­date reg­u­larly with new con­tent.CMS Ex­ec­ut­ive Team
09/09/2021
The Chan­ging Face of Cy­ber Claims
A cy­ber in­sur­ance loss study in Con­tin­ent­al Europe
16/06/2021
CMS European Class Ac­tions Re­port 2021
First re­port on the true pic­ture of European class ac­tion risk, a key con­cern for ma­jor cor­por­ates 
22/10/2020
CMS launches data breach app
CMS launches its Breach As­sist­ant app, a tech­no­logy plat­form that gives busi­nesses af­fected by a po­ten­tial data breach or oth­er cy­ber in­cid­ent a head­start dur­ing the first crit­ic­al hours. CMS has de­veloped...
14/07/2020
The Chan­ging Face of Cy­ber Claims
At the in­vit­a­tion of glob­al ex­perts in in­sur­ance brok­ing and risk man­age­ment, Marsh, and IT con­sult­ants, Wave­stone, CMS has con­trib­uted to The Chan­ging Face of Cy­ber Claims study which looks at prac­tic­al...
11/05/2020
AI in Life Sci­ences
Ar­ti­fi­cial in­tel­li­gence is not new: the term it­self was coined over 60 years ago. However, the con­ver­gence of data volume, pro­cessing power and tech­nic­al cap­ab­il­ity has con­vinced many that the AI era...
04/05/2020
5 mis­con­cep­tions about the GDPR data breach no­ti­fic­a­tion
In 2019, the Dutch Data Pro­tec­tion Au­thor­ity (DDPA) re­ceived 26.956 data breach no­ti­fic­a­tions. The ma­jor­ity of these breaches were no­ti­fied by or­gan­isa­tions act­ive in health sec­tor (mostly hos­pit­als...
16/03/2020
Em­ploy­ment and com­mer­cial as­pects of Coronavir­us
The situ­ation re­gard­ing COV­ID-19 (Coronavir­us) is de­vel­op­ing world­wide. Com­pan­ies are now faced with unique chal­lenges and vari­ous con­cerns, in­clud­ing many leg­al ques­tions. What ob­lig­a­tions do em­ploy­ers...
05/03/2020
Coronavir­us: em­ploy­er meas­ures and policies
COV­ID-19, the dis­ease as­so­ci­ated with the coronavir­us that has dom­in­ated glob­al news in re­cent weeks, is be­ing battled on many fronts with spe­cif­ic meas­ures de­signed to re­duce its ef­fects. Al­though the...