Home / Expertise / TMC - Technology, Media & Communications / Data Protection & Privacy

Data Protection & Privacy

Nederland

Het Data Protection & Privacy team van CMS Nederland heeft lange praktijkervaring in het adviseren van Nederlandse en internationale cliënten over bescherming van persoonsgegevens en privacy in veel verschillende branches. In onze aanpak combineren we grondig juridisch specialisme met kennis over de specifiek per branche of toepassing geldende eisen die we hebben opgedaan door onze praktijk. Wij bieden support en advies bij het opzetten van business (modellen) in overeenstemming met de privacy regelgeving (privacy by design), waardoor die werkbaar zijn in een omgeving waar privacy en bescherming van persoonsgegevens steeds gevoeliger issues worden. De nauwe internationale samenwerking binnen de CMS Data Protection Group stelt ons in staat om vragen op elk Europees niveau te behandelen.

Enkele voorbeelden van wat we doen:

  • Het privacy-compliant structureren van alle interne en externe processen die te maken hebben met verwerking van persoonsgegevens van klanten, personeel of derden.
  • Advies over uitwisseling of export van persoonsgegevens.
  • Advies over privacy-issues in het naar de cloud brengen van IT- of business processen of het aanbieden van cloud-diensten aan klanten.
  • Opstellen van verwerkersovereenkomsten en BCR
  • Ontwerp van privacy policies en persoonsgegevens-strategieën, inclusief aspecten van ondernemingsraad en CAO.
  • Advies over (technische) aspecten van gegevensbescherming in systemen en verwante juridische issues i.v.m. verzamelen, genereren, gebruik en analyse van informatie / big data.
  • Vertegenwoordiging en optreden bij AP en andere toezichtorganen.
  • Bijstand bij een datalek ('cybersecurity inbreuk') of andere crisis waarin feitelijk of mogelijk schending van beveiliging van persoonsgegevens aan de orde is.

We hebben ervaring opgedaan in het begeleiden van de juridische kant van privacy-gerelateerde projecten voor cliënten in veel verschillende branches, zoals onder meer de financiële dienstverlening, gezondheidszorg en lifesciences, IT en telecom, consumentenproducten, onroerend goed (investment management) en de hotelbranche.

Lees meer Lees minder
AVG
In­sight
Da­ta Law Na­vi­ga­tor
Use the Da­ta Law Na­vi­ga­tor for a quick look at da­ta pro­tec­ti­on laws in...
Sub­scri­be to Da­ta Pro­tec­ti­on & Pri­va­cy To­pics

Feed

05/07/2021
CMS IP/TMC up­da­te ju­ni 2021
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMT gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving.CMS...
08/07/2021
CMS Ex­pert pa­nel; be­scherm en be­vei­lig uw be­drijfs­ge­hei­men
De groot­ste waar­de van be­drij­ven zit van­daag de dag in im­ma­te­ri­ë­le ac­ti­va, die niet door pa­ten­ten of oc­trooi­en be­schermd wor­den – maar door ge­heim­hou­ding. De­ze be­drijfs­ge­hei­men (tra­de se­crets) wor­den...
16/06/2021
CMS Eu­ro­pean Class Ac­ti­ons Re­port 2021
First re­port on the true pic­tu­re of Eu­ro­pean class ac­ti­on risk, a key con­cern for ma­jor cor­po­ra­tes 
09/06/2021
Open se­crets? Gu­ar­ding va­lue in the in­tan­gi­ble eco­no­my
So­me leaks can’t be fixed “Con­fi­den­ti­al in­for­ma­ti­on is li­ke an ice cu­be... gi­ve it to the par­ty who has no re­fri­ge­ra­tor or will not agree to keep it in one, and by the ti­me of the tri­al you ha­ve just a pool of wa­ter.” This, from the so-cal­l­ed Spy­cat­cher ca­se (1987), ap­plies well to cor­po­ra­te as­sets: fail to sto­re them cor­rect­ly and all you might ha­ve left is an ex­pen­si­ve mess.The con­se­quen­ces of even a mi­nor ex­po­su­re of a tra­de se­cret can be hu­ge. As this re­port re­veals, the pro­tec­ti­on of tra­de se­crets is rightly re­cog­ni­sed by most se­ni­or exe­cu­ti­ves as a pri­o­ri­ty is­sue. But the re­search al­so re­veals gaps that lea­ve com­pa­nies un­ne­ces­sa­ri­ly ex­po­sed to risks. The top na­med th­re­ats – cy­ber­se­cu­ri­ty at­tacks and em­ploy­ee leaks – re­so­na­te with what we see im­pac­ting our clients. In­crea­sed ho­me and re­mo­te wor­king is strai­ning se­cu­ri­ty me­a­su­res and em­ploy­ee loy­al­ty. Ad­ded to this, an ‘in­no­va­te or die’ at­ti­tu­de in high­ly-com­pe­ti­ti­ve sec­tors can mo­ti­va­te new joi­ners to ar­ri­ve with ques­ti­o­na­ble ma­te­ri­al from their pre­vious em­ploy­er, or wor­se: out­right theft bet­ween com­pe­ti­tors. But whi­le it is ea­sy to fo­cus on the lur­king th­re­ats from wea­ke­ned cy­ber se­cu­ri­ty and dis­grunt­led em­ploy­ees – and they are im­por­tant – the­re are mo­re rou­ti­ne ac­ti­ons a com­pa­ny can ta­ke to sa­fe­gu­ard its se­crets than just up­da­ting its IT sys­tems or the em­ploy­ee hand­book. Com­mon­ly, tho­se who most need our help al­rea­dy ha­ve a tra­de se­crets po­li­cy but ha­ve not pro­per­ly im­ple­men­ted it in re­la­ti­on to the se­cret in ques­ti­on. Or the po­li­cy has not been up­da­ted to re­flect the in­tan­gi­ble as­sets the bu­si­ness now owns. Or pro­tec­ti­on was ta­ken for gran­ted.With tra­de se­crets – which for ma­ny bu­si­nes­ses are stra­te­gi­cally mo­re im­por­tant than a pu­blic pa­tent port­fo­lio – it is al­ways cost­lier and mes­sier to find so­lu­ti­ons af­ter a theft or a leak. Iden­ti­fying the tra­de se­crets and the th­re­ats po­sed to them, com­bi­ned with ri­gorous in­ter­nal pro­ces­ses and well-draf­ted con­tracts, can help pre­vent such pro­blems from hap­pe­ning. Har­der, but just as ne­ces­sa­ry, is en­ga­ging hearts and minds in cor­po­ra­te cul­tu­re, to know why tra­de se­crets are im­por­tant, why we are all are res­pon­si­ble for pro­tec­ting them, and what may hap­pen if we do not (to both the com­pa­ny and the in­di­vi­du­al). In our ex­pe­rien­ce, the bu­si­nes­ses with the stron­gest de­fen­ces ha­ve not on­ly thought stra­te­gi­cally about their in­tan­gi­ble as­sets and how best to pro­tect them but are al­so pre­pa­red for the worst. The trick to avoi­ding an as­set be­co­ming a cri­sis is to be wi­se be­fo­re the event.Tom Scour­field, Co-Head, In­tel­lec­tu­al Pro­per­ty Group, CMS
27/05/2021
GD­PR En­for­ce­ment Trac­ker Re­port
When the GD­PR was al­rea­dy in for­ce, but not yet ap­pli­ca­ble (and not a sin­gle fi­ne had been im­po­sed yet), much at­ten­ti­on was paid to the for­mi­da­ble fi­ne fra­me­work. For ma­ny com­pa­ny of­fi­cers, this cau­sed fear: if I vi­o­la­te the GD­PR, I ha­ve one foot in jail (or at least my or­ga­ni­sa­ti­on has to pay EUR 20 mil­li­on or 4% of its glo­bal an­nu­al tur­n­over, cal­cu­la­ted for the who­le group, if the com­pa­ny is part of one).We be­lie­ve that facts are bet­ter than fear.The con­ti­nuous­ly up­da­ted list of pu­bli­cly known GD­PR fi­nes in the GD­PR En­for­ce­ment Trac­ker is our 24/7 re­me­dy against fear, whi­le the an­nu­al En­for­ce­ment Trac­ker Re­port is our deep di­ve and per­mits mo­re in­sights in­to the world of GD­PR fi­nes. We are plea­sed that our ana­ly­sis for this se­cond edi­ti­on of the ET Re­port is ba­sed on a lar­ger over­all da­ta set of mo­re than 570 fi­ne ca­ses, 526 of which ma­de it in­to the edi­to­ri­al team's works­heet.Mo­re in­ter­na­ti­o­nal­We are even mo­re plea­sed that mo­re in­ter­na­ti­o­nal col­lea­gues sup­por­ted us this ti­me and pro­vi­ded de­tai­led in­put on en­for­ce­ment prac­ti­ce, in par­ti­cu­lar for EU mem­ber sta­tes in the new mem­ber sta­te in­ter­views (Edi­tor's no­te: the Uni­ted King­dom remains part of the En­for­ce­ment Trac­ker Re­port and the En­for­ce­ment Trac­ker as the UK Ge­ne­ral Da­ta Pro­tec­ti­on Re­gu­la­ti­on en­su­res re­gu­la­to­ry con­sis­ten­cy re­gard­less of Brexit).Lo­cal law and prac­ti­ce mat­ter­Af­ter al­most three ye­ars of GD­PR ap­pli­ca­ti­on, we are not the on­ly on­es to ha­ve lear­ned one thing: des­pi­te the GD­PR's full har­mo­ni­sa­ti­on ap­pro­ach, hard­ly any other area is sha­ped mo­re by na­ti­o­nal laws and of­fi­ci­al prac­ti­ce than GD­PR fi­nes. This may be a rea­son why Spain still tops the list of coun­tries with the most fi­nes this year.Exe­cu­ti­ve Sum­ma­ry­As we are awa­re that pri­va­cy pro­fes­si­o­nals are un­li­ke­ly to ha­ve a pea­ce­ful job in the­se chal­len­ging ti­mes, the se­cond edi­ti­on kicks off with an exe­cu­ti­ve sum­ma­ry for the quick rea­der (in­clu­ding over­all ta­kea­ways, in ad­di­ti­on to sec­tor-spe­ci­fic ob­ser­va­ti­ons). Ha­ving in­ten­ti­o­nal­ly op­ted for an on­li­ne-on­ly pu­bli­ca­ti­on, the ET Re­port's Exec­Sum is the on­ly part that you can con­ve­nient­ly down­load (or even print out for bed­ti­me rea­ding wit­hout a di­gi­tal de­vi­ce).Num­bers & fi­gu­res and sec­tor ap­pro­ach­We ha­ve put to­gether an over­all sum­ma­ry of the exis­ting fi­nes in the "Num­bers and Fi­gu­res" sec­ti­on, fol­lo­wed by tried-and-tested ana­ly­sis for the fol­lo­wing bu­si­ness sec­tors:Fi­nan­ce, in­su­ran­ce and con­sul­ting­Ac­com­mo­da­ti­on and hos­pi­ta­li­tyHe­alth careIn­du­stry and com­mer­ce­Re­al es­ta­te­Me­dia, te­le­coms and broad­cas­ting­Pu­blic sec­tor and edu­ca­ti­on­Trans­porta­ti­on and ener­gyIn­di­vi­du­als and pri­va­te as­so­ci­a­ti­ons plus the over­ar­ching ca­te­go­ry­Em­ploy­men­tY­our ta­kea­ways­T­his in-depth ana­ly­sis per­mits first con­clu­si­ons to be drawn as to which bu­si­ness sec­tors at­trac­ted par­ti­cu­lar­ly hef­ty fi­nes. We al­so ana­ly­sed the DPAs' rea­so­nings for the fi­nes. The­se as­pects to­gether al­low us to pro­vi­de you with key ta­kea­ways for each bu­si­ness sec­tor. Apart from the law­ful­ness of each da­ta pro­ces­sing ope­ra­ti­on, bol­ste­ring da­ta se­cu­ri­ty should remain in the spot­light for eve­ry or­ga­ni­sa­ti­on. The­re are al­rea­dy re­le­vant in­di­ca­ti­ons in terms of da­ta pro­tec­ti­on li­ti­ga­ti­on – in par­ti­cu­lar, da­ta sub­jects' claims for ma­te­ri­al or im­ma­te­ri­al da­ma­ges un­der Art. 82 of the GD­PR are on the ri­se. This trend is un­li­ke­ly to stop, being in par­ti­cu­lar sup­por­ted by col­lec­ti­ve re­dress me­cha­nis­ms and legal tech of­fe­rings that are al­rea­dy in­cre­a­sing the risks of and re­sour­ces nee­ded for da­ta pro­tec­ti­on claims ma­na­ge­ment.Me­tho­do­lo­gy­We do not re­sort to witch­craft nor do we ha­ve pre­fe­ren­ti­al ac­cess to GD­PR fi­ne in­for­ma­ti­on (at least in most ca­ses, but we are still wor­king on that…) when wor­king in the En­for­ce­ment Trac­ker en­gi­ne room and pre­pa­ring the En­for­ce­ment Trac­ker Re­port. In ad­di­ti­on to our ne­ces­sa­ry fo­cus on pu­bli­cly avai­la­ble fi­nes, the­re are so­me other in­he­rent li­mits to the da­ta be­hind this who­le exer­ci­se. For the "small print", plea­se see our mo­re de­tai­led re­marks on me­tho­do­lo­gy. On a mo­re ge­ne­ral le­vel, alt­hough we ha­ve do­ne our best to break down a com­plex to­pic in­to neat pie­ces, we ha­ve re­sisted the tempta­ti­on to fol­low SEO re­com­men­da­ti­ons for the who­le con­tent pack­a­ge and would ask you to con­si­der it a "long read" for­mat if you de­ci­de to read it in full.Wha­t's next?The En­for­ce­ment Trac­ker Re­port and the En­for­ce­ment Trac­ker are a work in pro­gress. We high­ly ap­pre­ci­a­te any form of feed­back (pre­fe­ra­bly con­struc­ti­ve…) and would li­ke to thank eve­ry­bo­dy who has re­a­ched out over the last year. We re­cei­ved in­te­res­ting ide­as, in­for­ma­ti­on about for­got­ten fi­nes (hi­d­den dee­ply in re­mo­te cor­ners of a sup­po­sed­ly com­ple­te­ly cap­tu­red world) and re­com­men­da­ti­ons for ad­di­ti­o­nal fea­tu­res (our buc­ket list is gro­wing stea­di­ly), as well as re­le­vant con­tri­bu­ti­ons from sta­ke­hol­ders out­si­de the EU – de­mon­stra­ting that the da­ta pro­tec­ti­on lands­ca­pe is evol­ving rapid­ly on a glo­bal sca­le and in­ter­fa­ces bet­ween na­ti­o­nal/re­gi­o­nal con­cepts are de­vel­o­ping even in the ab­sen­ce of a glo­bal da­ta pro­tec­ti­on law. We ha­ve en­ga­ged with peers from the legal pro­fes­si­on, pri­va­cy pro­fes­si­o­nals with a mo­re ad­van­ced tech back­ground as well as re­searchers from va­rious dis­ci­pli­nes. We stron­gly en­cou­ra­ge you to con­ti­nue en­ga­ging with us. And we apo­lo­gi­se in ad­van­ce if our feed­back may ta­ke so­me ti­me; the da­ta pro­tec­ti­on world is not a qui­et one right now.Stay sa­fe – and keep on figh­ting, Chris­ti­an Run­te, Mi­chael Kamps, edi­tors and the en­for­ce­ment trac­king and re­por­ting team
17/06/2021
Cy­ber­ri­si­co’s uit­ge­licht: de ju­ri­disch-stra­te­gi­sche uit­da­gin­gen
De toe­ne­men­de golf van ransom­wa­re aan­val­len toont aan dat cy­ber­weer­baar­heid voor vrij­wel al­le or­ga­ni­sa­ties een aan­dachts­punt dient te blij­ven. Het blijkt in de prak­tijk las­tig om de steeds ge­a­van­ceer­de­re...
11/05/2021
CMS IP/TMC up­da­te mei 2021
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMT gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving...
06/04/2021
CMS IP/TMC up­da­te april 2021
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMT gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving...
02/03/2021
CMS IP/TMC Up­da­te Maart 2021
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMT gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving...
28/01/2021
CMS IP/TMC up­da­te fe­bru­a­ri 2021
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMC gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving...
08/12/2020
CMS IP/TMC up­da­te de­cem­ber 2020
De con­ti­nue ont­wik­ke­ling op het ge­bied van IP & TMT gaat ge­paard met een toe­ne­men­de rol van tech­no­lo­gie, een con­ti­nu ver­schui­ving van de of­fli­ne naar de on­li­ne we­reld en de bij­be­ho­ren­de ver­an­de­ren­de re­gel­ge­ving...
22/10/2020
CMS lan­ceert da­ta­lek-app
CMS lan­ceert de 'B­reach As­sis­tant'-app. De app be­ge­leidt be­drij­ven over de he­le we­reld tij­dens de eer­ste kri­tie­ke uren van da­ta­lek­ken en an­de­re cy­be­rin­ci­den­ten.CMS heeft de app ont­wik­keld sa­men met spe­ci­a­lis­ten...