Home / Insight / GDPR

GDPR

Go to International

The EU data protection landscape, having remained largely unchanged since 1995, is now on the brink of a radical transformation. After extensive negotiations, the GDPR was formally adopted on 4 May 2016 and is set to replace most EU data protection legislation.

Unlike the current Directive, the GDPR will be directly applicable in all EU Member States without the need for national legislation. It will apply from 25 May 2018.

The GDPR brings new concepts into the regulatory spotlight, including profiling and the right to be forgotten. It imposes extensive new obligations on businesses and transforms the role of the Data Processor. Rights for individuals are significantly strengthened and maximum fines in respect of breaches are increased exponentially to €20,000,000 or 4% of annual worldwide turnover under the GDPR.

If you would like more information on the GDPR or the Directive, please contact one of the members of our Data Protection & Privacy team.

Data Law Nav­ig­at­or | The Neth­er­lands
Sub­scribe to Data Pro­tec­tion & Pri­vacy Top­ics
Pri­vacy, Data Pro­tec­tion and Cy­ber­se­cur­ity Bro­chure
Leg­al pre­ci­sion in pri­vacy, data se­cur­ity and data pro­tec­tion

Feed

Show only
05 March 2021
CMS Ex­pert Guide: Data Law Nav­ig­at­or
Data provides a whole range of op­por­tun­it­ies but also in­cludes new and unique risks for com­pan­ies, gov­ern­ments and in­di­vidu­als. From sec­tor-spe­cif­ic nu­ances to loc­al derog­a­tions from the EU GDPR, sim­ul­tan­eously...
Comparable
22 October 2020
CMS launches data breach app
CMS launches its Breach As­sist­ant app, a tech­no­logy plat­form that gives busi­nesses af­fected by a po­ten­tial data breach or oth­er cy­ber in­cid­ent a head­start dur­ing the first crit­ic­al hours. CMS has de­veloped...
28 September 2020
GDPR En­force­ment Track­er Re­port
1st edi­tion 2020All EU Mem­ber States have been re­quired to ap­ply the Gen­er­al Data Pro­tec­tion Reg­u­la­tion ("GDPR", Reg­u­la­tion (EU) 2016/679) since 25 May 2018. After a cau­tious ini­tial peri­od, the EU data pro­tec­tion au­thor­it­ies ("DPA") have in­creased their fin­ing activ­ity sig­ni­fic­antly. This GDPR En­force­ment Track­er Re­port aims to provide you with valu­able in­sights in­to the fin­ing activ­it­ies of all EU DPAs un­der the GDPR, as well as the ICO's prac­tice in the United King­dom. Our ana­lys­is is based on the pub­licly avail­able data on fines that we col­lect and com­pile at www.en­force­ment­track­er.com. We in­tend to pub­lish an­nu­al edi­tions of this re­port, and we ex­pect that the rel­ev­ance of in­sights will stead­ily in­crease as more data on fines be­comes avail­able.Over­view, coun­try and sec­tor ap­proachIn search of guid­ance on how to op­tim­ise its own data pro­tec­tion strategy and pri­or­it­ise data pro­tec­tion meas­ures, a com­pany will nat­ur­ally want to look at its peers and the com­pet­ent au­thor­it­ies' prac­tice. This holds true both in terms of busi­ness sec­tors and jur­is­dic­tion. Kick­ing off with an over­all sum­mary on the ex­ist­ing fines ("Num­bers and Fig­ures"), we have cor­res­pond­ingly di­vided the fines in­to the fol­low­ing busi­ness sec­tors and con­sidered the re­spect­ive fines' ori­gins:Fin­ance, in­sur­ance and con­sultingAc­com­mod­a­tion and hos­pit­al­ity­Health careIn­dustry, com­merce and real es­tate­Media, tele­coms and broad­cast­ing­Pub­lic sec­tor­Trans­port­a­tion and en­ergy­In­di­vidu­als and private as­so­ci­ation­sEm­ploy­er­sY­our takeawaysThe in-depth ana­lys­is per­mits first con­clu­sions to be drawn as to which busi­ness sec­tors at­trac­ted par­tic­u­larly hefty fines. We have also ana­lysed the DPAs' reas­on­ings for the fines. These as­pects to­geth­er al­low us to provide you with key takeaways for each busi­ness sec­tor. Apart from the law­ful­ness of each data pro­cessing op­er­a­tion, bol­ster­ing data se­cur­ity should re­main in the spot­light for every or­gan­isa­tion. Lit­ig­a­tion in data pro­tec­tion is set to in­crease in the near fu­ture. Or­gan­isa­tions that main­tain up-to-date se­cur­ity meas­ures will be best pre­pared for the fu­ture and for po­ten­tial lit­ig­a­tion.
04/05/2020
5 mis­con­cep­tions about the GDPR data breach no­ti­fic­a­tion
In 2019, the Dutch Data Pro­tec­tion Au­thor­ity (DDPA) re­ceived 26.956 data breach no­ti­fic­a­tions. The ma­jor­ity of these breaches were no­ti­fied by or­gan­isa­tions act­ive in health sec­tor (mostly hos­pit­als...
16/03/2020
Em­ploy­ment and com­mer­cial as­pects of Coronavir­us
The situ­ation re­gard­ing COV­ID-19 (Coronavir­us) is de­vel­op­ing world­wide. Com­pan­ies are now faced with unique chal­lenges and vari­ous con­cerns, in­clud­ing many leg­al ques­tions. What ob­lig­a­tions do em­ploy­ers...
05 March 2020
Coronavir­us: em­ploy­er meas­ures and policies
COV­ID-19, the dis­ease as­so­ci­ated with the coronavir­us that has dom­in­ated glob­al news in re­cent weeks, is be­ing battled on many fronts with spe­cif­ic meas­ures de­signed to re­duce its ef­fects. Al­though the...
16/12/2019
CMS is re­leas­ing its ‘Shar­ing is (S)caring’ Pod­cast Series
What are the key tech­nic­al, policy, com­mer­cial and eth­ic­al build­ing blocks that must be in place to meet the needs of a di­git­al so­ci­ety that is not only in­clus­ive, sus­tain­able, com­mer­cially vi­able, but...
11/12/2019
Shar­ing is (S)caring: Your face is a weapon
Many will already be fa­mil­i­ar with 'fa­cial re­cog­ni­tion'. The term is reg­u­larly seen in news stor­ies, with com­munit­ies such as San Fran­cisco ban­ning the use of it by their po­lice de­part­ments. If you use...
11/09/2019
Token­ized As­sets: De­vel­op­ing an Eco­sys­tem for Di­git­al Real Es­tate As­sets
Block­chain tech­no­logy maybe chan­ging the real es­tate sec­tor soon­er than you think. Real es­tate pro­fes­sion­als and block­chain ex­perts will dis­cuss the ex­pect­a­tions, im­pact, obstacles and risks. The pan­el­ists...
21/08/2019
Token­ized As­sets: An In­vestor’s Per­spect­ive
What as­set classes are best suited to token­iz­a­tion? How to per­suade man­age­ment in­to token­ized in­vest­ments? Private in­vestor Robert Nass; Maven11 Head of In­vest­ments and Trad­ing, Balder Bomans; Frijt CEO...
07/08/2019
Token­ized As­sets: Reg­u­la­tion and Gov­ernance - A Dutch Per­spect­ive
CMS Coun­sel Clair Wer­mers and CMS At­tor­ney-at-law Si­mon Sanders talk about reg­u­la­tions and gov­ernance con­cern­ing token­iz­ing from a Dutch and European per­spect­ive, with a par­tic­u­lar fo­cus on the im­pact...
15/07/2019
'Data pro­tec­tion au­thor­it­ies are aware of the is­sues, reg­u­lat­ory ac­tion...
It has been more than a year since the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) came in­to ef­fect, im­pos­ing mul­tiple ob­lig­a­tions on or­gan­iz­a­tions that pro­cess per­son­al data. One of the so called "hid­den...