Privacy law: dealing with privacy rules

Privacy law is crucial for companies in the modern (digital) world. Companies and organizations that process personal data must follow strict rules. These rules are laid down in the General Data Protection Regulation (GDPR, abbreviated AVG in Dutch). Privacy rights protect individuals’ personal data and regulate how companies and organizations collect, store and use this data. How do privacy rights work? And which companies have to deal with the privacy law?

What is privacy law?

Privacy law regulates everything to do with protecting people’s personal data: the right to privacy and the right to protection. These rights ensure that people maintain (digital) control over personal data. In the digital world, privacy is a topic of increasing importance and scope. Therefore, privacy law is a complex and constantly evolving area of law, with more and more requirements and new regulations being developed. Companies need to be aware of the legal obligations and strict standards governing data protection and ethical responsibility when processing personal data.

What is covered by privacy law?

Privacy law covers a wide range of issues aimed at protecting personal data and the privacy of individuals. Specifically, privacy law requires companies to comply with privacy rules around the right to privacy in order to avoid legal penalties and large fines. The best-known part of privacy law is the General Data Protection Regulation (AVG).

What law regulates privacy protection?

Privacy protection is regulated through the General Data Protection Regulation (AVG). The AVG is a European regulation that regulates the protection of personal data and the right to privacy within the European Union. Privacy law requires companies to comply with strict regulations regarding the collection, processing and management of personal data.

General Data Protection Regulation (AVG)

The General Data Protection Regulation has been in effect since May 25, 2018 and replaces previous privacy directives. The AVG applies to all organizations, regardless of location, that process personal data of EU citizens. The purpose of the AVG is to protect the privacy of individuals and ensure that personal data is handled in a fair and transparent manner. Organizations that fail to comply with the AVG may face fines of up to millions of euros. Therefore, it is vital for companies and organizations to comply with these regulations.

What does processing personal data mean?

Processing personal data refers to any operation or set of operations performed on personal data – from data collection and recording to data dissemination, blocking and erasure. Examples of these operations (activities) in everyday practice include recording information about individuals, storing data in databases, analyzing data and sharing data with other parties. When processing personal data, the principles of data protection (AVG) must be observed at all times.

What is allowed and what is not allowed by the AVG?

What is allowed by the AVG:

  • Organizations are allowed to collect personal data, but only for specific, lawful and legitimate purposes.
  • Companies and organizations must seek consent to process data, and this consent must be voluntary, informed and specific.
  • Organizations must ensure that the data collected is accurate and current.
  • Businesses and organizations must take adequate organizational security measures to protect data from loss, theft or unauthorized access.
  • Individuals have the right to access, correct or delete their own data.
  • Data transfers between organizations must comply with AVG regulations.

What is not allowed by the AVG:

  • Organizations may not collect personal data without a valid reason.
  • Companies and organizations may not use data for purposes other than those for which it was collected.
  • Sensitive data, such as race, religion, sexual orientation, etc., may only be processed under strict conditions.
  • Data may not be kept longer than necessary for its intended purpose.
  • Automated decision-making without human intervention is limited and subject to specific rules.


Other topics of privacy law

In addition to the AVG, privacy law includes other components. Important aspects of privacy law include:

  • Privacy policy: developing a policy to comply with privacy law as well as informing users about how data is processed and used
  • Data Privacy Impact Assessment (DPIA): evaluating data processing to identify and minimize privacy risks
  • Data Subject Access Requests (DSARs): individuals have the right to access their own data, as well as the right to be forgotten and the right to data portability
  • Data Breach Notification (data breach or data loss): organizations are required to report a data breach to relevant authorities and data subjects if the breach is likely to harm the privacy of individuals

Companies and organizations are expected to comply with laws and regulations to avoid legal penalties and fines. Good privacy compliance also contributes to the trust that customers, consumers and partners have in a company. Actively countering data breaches and the loss of customer data, together with strict compliance with privacy law and regulations, prevents serious reputational damage.

What to do when privacy is violated?

When a privacy violation occurs, individuals can take several steps. For example, an individual can file a complaint with the Personal Data Authority (AP). The AP is the supervisory authority for privacy issues in the Netherlands. In addition, there are several hotlines for privacy violations in the Netherlands. In serious cases, a person can take legal action against the responsible party. If companies receive a request from a data subject for access to personal data, they must respond within a set time (usually 1 month).

Privacy breaches can have far-reaching consequences for a business or organization. For example, confidential business information may be lost or fall into the wrong hands, and malicious parties may gain access to protected personal information. In addition to fines for violating privacy laws, which can be hefty depending on the severity of the violation, a privacy violation can lead to lengthy, costly litigation and reputational damage.

Safeguarding privacy: be active and alert

Safeguarding privacy requires a proactive attitude on the part of organizations. Those who want to comply with AVG regulations and prevent data breaches or privacy violations would do well to create awareness. Make sure all employees are aware of privacy laws and the importance of data protection. Map out what information is collected, where data is stored and who has access to it. It goes without saying that data collected under privacy law requires explicit consent from data subjects.

What can a privacy law attorney do?

Privacy law has changed tremendously in recent years. Take, for example, just the exchange of personal data between Europe and the United States. And with lightning-fast current developments, for example in the field of artificial intelligence (AI) and the shift to the cloud, this area of law is only becoming more complex and extensive. A privacy law attorney from Fruytier Lawyers in Business can assist you (proactively) in various areas.

We help companies and organizations understand and comply with privacy legislation through compliance and advice, drafting privacy policies, as well as supporting clients in the event of a data breach and in legal matters. We are happy to answer your questions and advise on finding suitable measures from different perspectives. For more information, contact a privacy law attorney at Fruytier Lawyers in Business directly and receive no-obligation legal advice.

 
