Data Protection & Privacy

Since the General Data Protection Regulation (GDPR) was introduced in 2018, privacy and data protection have been important issues for many organisations. Its importance is underlined by the possibility of being fined by the Dutch Data Protection Authority (Dutch DPA). Those fines can be as high as €20,000,000 or 4% of the organisation’s global annual revenue. Each organisation must identify what personal data it processes, and for what purposes. Questions include whether if and with whom, data may be shared and how long employee data may be retained and how to give effect to requests for access and other requests from data subjects.

The Data Protection & Privacy team at Rutgers & Posch work with the firm’s Employment and Healthcare teams to help organisations effectively navigate the complicated privacy and data rules. The team has specific expertise in the area of privacy and data protection where employment and healthcare meet.

We advise and litigate on:

  • Privacy policies and privacy statements
  • Data processing agreements and joint controller agreements
  • Whistleblower protection schemes
  • Data exchanges in collaborations and supply chains
  • E-health, medical aids, healthcare platforms
  • Use of personal data for medical and/or scientific research
  • Professionals’ duty of confidentiality and data protection
  • Storage of medical data
  • Enforcement and procedures
  • Investigations by supervisory authorities (including the Dutch DPA, the Health and Youth Care Inspectorate (IGJ) and the Healthcare Authority (NZa))