Reinier advises national and international companies
reinier.russell@russell.nl +31 20 301 55 55With the European General Data Protection Regulation (GDPR), the appointment of a data protection officer has become mandatory for certain businesses and organizations. What are the duties of this officer and what kind of businesses are required to appoint such an officer?
According to the European General Data Protection Regulation (GDPR), businesses and organizations must appoint a data protection officer if:
If your business has appointed a data protection officer in the Netherlands, you have to provide the contact data to the Personal Data Authority.
The data protection officer – also referred to as privacy officer – is an independent person who monitors the general quality of the data protection policy of an organization. Therefore, while performing his tasks, he cannot receive instructions from you as the employer or client. In addition, a data protection officer may not be dismissed or fined due to his or her work. However, the officer may also carry out other work, provided that this does not create a conflict of interest.
The data protection officer will control whether the processing of data in your company is in accordance with the General Data Protection Regulation. Therefore, the controller and processor must involve the officer in a timely manner in any processing of personal data. If the data protection officer detects irregularities, he must report them to the person in charge or to the company he was appointed by.
In addition, the data protection officer is allowed to make recommendations. However, these recommendations have an advisory function only. Ultimately, it’s up to the person in charge whether to follow the advice of the data protection officer or not.
Appointing a data protection officer means you will have a “watchdog” within your company. You will also have an in-house expert who can quickly provide insight on the right way of data processing. To ensure that this expertise will be maintained, the employer is required to provide the necessary means, including training. The national data protection agency will act reluctantly if the data protection officer performs his duties properly.
More information on the European privacy rules can be found in other newsletters in this series:
Would you like to know more about the application of the General Data Protection Regulation, or do you have any other questions on how to organize your company in the context of the data protection regulation? Please contact us:
Wednesday 25 September 2024, Reinier Russell will discuss cybersecurity and data protection in litigation at the European meeting of the World Litigation Forum in Barcelona.
An important way to prevent an assignment contract from turning out to be an employment contract after all is to use and correctly implement the model agreements on the website of the Dutch Tax and Customs Administration. However, from 1 January 2024, all models that partially or completely assume the possibility of substitution will expire. What does this mean for principals and contractors?
The WHOA makes it easier for a company facing bankruptcy to avoid bankruptcy. This can be done through a binding agreement with all creditors, even if they do not all agree to the arrangement. What rights do creditors have in WHOA proceedings?
On 12 June 2023, the new EU General Product Safety Regulation entered into force. As of 13 December 2024, products must comply with this regulation. What are the consequences of the new Product Safety Regulation? Which entrepreneurs should start taking measures now?
Fraud causes billions in damages each year. Companies face, for example, fraudulent contracting parties, directors and employees. The management and supervisory board might play the most important role in a company when it comes to fraud prevention. In this newsletter we will give them some legal tools to prevent fraud.
Company directors and company owners are more than ever reliant on assets such as a company’s brand name, patented inventions, trade secrets, customer data base and skillful employees. Yet, all too often, when faced with a potential infringement or misappropriation, companies find themselves woefully underprepared in terms of risk management. This may prove highly detrimental to the company’s best interests.