Ontwerp zonder titel (22)

Privacy & Data Protection

At a time when organisations have an abundance of digital data to manage – including personal data of actual and potential clients and employees – compliance with the General Data Protection Regulation (GDPR, or AVG in Dutch) is paramount, so it is great to be able to leave the interpretation and application of this complex legislation in the very capable hands of our Privacy & Data Protection Team on your behalf. 

Our team’s approach is focused on dealing with any legal requirements in a responsible and practical manner, and the team is used to moving quickly, in particular, in enforcement actions by the Dutch Personal Data Authority and the assessment of security breaches and data breaches which must be reported within 72 hours at the latest, but also in all other situations where clients expect a prompt response. 

Our Privacy & Data Protection Team believes in the importance of investing in long-term partnerships with clients and acts as a dedicated sparring partner.   

Artificial intelligence; AI Act 

One development the team is particularly involved with is the rise of artificial intelligence. For the general public, this rise has become highly noticeable with the launch of AI chatbots like ChatGPT. At a European level, the AI Act has now been enacted, setting out rules for the marketing and use of AI systems. Our team can advise organisations on the use of AI as well as on services and products based on this technology. 

European legislation

European legislation in the digital domain continues to evolve. With the Digital Services Act and Digital Markets Act already in force imposing new requirements on internet platforms and the Data Regulation and Data Governance Regulation aiming to encourage data availability and exchange. An e-privacy regulation is still being prepared. In addition, new rules on security of ICT systems have been laid down in DORA (Digital Operational Resilience Act) and NIS-2. It goes without saying that these developments are being closely monitored by our Privacy & Data Protection Team. 


Our Privacy & Data Protection Team has specific experience in the Government, Leisure & Retail, Data & ICT, Finance and Life Sciences & Healthcare sectors. 

Here’s what we can do for you

Advising public authorities on privacy not only requires knowledge of the GDPR, but also of public authorities and administrative law. La Gro has been assisting more than 20 decentralised public authorities and is fully conversant with the specific backgrounds relevant to advising the government. We can assist public authorities in applying the GDPR in the broadest sense, including providing support in drafting policies, data protection impact assessments (DPIAs), protocols, covenants, agreements, and other documentation, also on a project basis. We also assist governments in proceedings in connection with data access and data removal requests, and liability. 

The consequences of a security breach or data breach can be huge. Recently, hijackings of entire IT systems have become a regular occurrence, potentially bringing your entire organisation to a standstill. When you are faced with matters of this nature, our Privacy & Data Protection Team will act quickly by advising on the available options and measures to be taken, not only in respect of whether the Dutch Personal Data Authority and the data subject should be notified, but also regarding all the practical matters surrounding a data breach, and in respect of any potential liability. 

It goes without saying that prevention is better than cure, so we will be glad to advise you on preventive measures in order to minimise the chances of your organisation ending up in a situation like that.   

La Gro often advises on the development and application of new technologies and business models, such as the application of big data, AI, biometrics, the Internet of Things, applications, apps, and platform and online services. Such new technologies raise a variety of legal matters regarding privacy and data protection. Our lawyers have extensive experience of dealing with these legal matters and can help you make well-considered choices regarding ICT projects and technical innovations. If necessary, they will work in multidisciplinary teams together with specialists from other areas of law.

Processing personal data for marketing purposes is a hot topic at the moment. Is it still permissible considering the ‘legitimate interest’ principle? When is consent required? If consent is required, it is subject to strict requirements under the GDPR/AVG. Another hot topic is data storage. May data still be shared outside of Europe and stored with a US Cloud Service Provider? What requirements must be met when doing so?

Our lawyers have extensive experience of processing personal data for marketing purposes. They will be glad to advise you on the right approach, including for innovative applications and in an online context.

La Gro’s privacy & data protection lawyers assist companies and other organisations in implementing the GDPR/AVG, by providing training, workshops, quick scans, and inventories. They also prepare any necessary documents, such as protocols relating to mandatory notification of data breaches, privacy policy documents, processing registers and data protection impact assessments (DPIAs).

We also advise on the application of the GDPR/AVG, for example when introducing new services and products and drafting privacy statements. We also carry out compliance checks and due diligence in the area of personal data. 

Lastly, we can assist organisations in audit visits and enforcement processes by the Dutch Personal Data Authority. In respect of privacy and personal data, we conduct civil and administrative proceedings, including those involving the Dutch Personal Data Authority. 

Health-related data is extremely sensitive personal data and its processing is subject to stricter requirements. The regulator keeps a close eye on the sector and has already imposed a fair number of fines on hospitals and other parties in the medical sector. For a healthcare provider, it is essential to have your compliance in order.  

Healthcare is an innovative sector in which new technologies, such as medical apps and electronic health records, are constantly being developed, leading to a variety of legal matters in the areas of privacy and data protection. Our lawyers have extensive experience of dealing with legal matters in healthcare and can help you make well-considered choices regarding ICT projects and technological innovations. If necessary, they work in multidisciplinary teams together with specialists from other areas of law. 

Call: +31 172 530 250