Last Updated March 28, 2019

Law and Practice

Contributed By Vondst Advocaten N V

Authors



Vondst Advocaten N V is an Amsterdam-based boutique law firm that focuses exclusively on contentious intellectual property, pharmaceuticals and life sciences, IT and privacy. The data protection team advises and litigates in both national and international matters relating to data protection. In addition, they frequently lecture and publish on data protection.

There is no statutory requirement to implement a written information security plan or programme, incident response plan, or insider threat programme under Dutch law. In addition, there is no statutory requirement to appoint a chief information security officer, or the equivalent, to involve the board of directors in privacy-related matters, to conduct vulnerability scanning, penetration tests, or vendor and service provider due diligence or to provide training on handling personal data. Nevertheless, it is best practice in the Netherlands to do so. For example, implementing a written information security plan and conducting vulnerability scanning and penetration tests could be part of the appropriate security measures taken to comply with the GDPR, and, if applicable, the Wbni or other sector-specific laws and regulations. The implementation of an incident response plan could help to comply with data breach and cyber-security notification requirements under Dutch and EU laws.

The GDPR requires controllers, however, to conduct a DPIA for certain types of processing operations. The EDPB has provided guidance on this matter in its 2017 guidelines on DPIA and determining whether processing is “likely to result in a high risk for the purposes of the GDPR” (WP 248). Moreover, the GDPR requires certain categories of controllers to appoint a DPO.

Vondst Advocaten N V

Jacob Obrechtstraat 56
1071 KN Amsterdam

+31 20 504 20 00

+31 20 504 20 10

info@vondst.com www.vondst.com
Author Business Card

Authors



Vondst Advocaten N V is an Amsterdam-based boutique law firm that focuses exclusively on contentious intellectual property, pharmaceuticals and life sciences, IT and privacy. The data protection team advises and litigates in both national and international matters relating to data protection. In addition, they frequently lecture and publish on data protection.

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.