Privacy law

The privacy specialists of Hekkelman know everything about privacy law. Compliance with complex privacy regulations is of great importance. Think for example of managing personnel files, patient records, citizen or customer databases, sending emails, copying identity documents or an internet check of a job applicant. Hekkelman lawyers keep a sharp eye on current developments in privacy regulations and will be pleased to advise you.

Some frequently asked questions about privacy

  • Violation of the GDPR can result in substantial fines, but also in reputation damage. That is why it is also important from a political point of view to comply with privacy regulations. This requires that the right steps be taken. For example, citizens will have to be informed about how their personal data is handled and the possibility of them exercising their rights under the GDPR will have to be arranged. To be able to inform citizens, the use of personal data will have to be mapped out and its permissibility assessed.

  • If sensitive client data has gone public as a result of a data breach, the damage must be contained. The lawyers at Hekkelman will first of all analyse whether there is indeed a data breach that needs to be reported to the Data Protection Authority and/or to the customers affected. We then advise on applying additional measures and limiting the loss sustained. We will also assess whether it is advisable to hold the hosting provider liable. In case of doubt or questions, please contact us directly.

  • Hekkelman specialists assist various municipalities with questions about privacy. In order to answer these questions, we organise (in-house) tailor-made workshops and assist municipalities in drawing up privacy statements and setting up the compulsory processing register. We also offer guidance in reporting and dealing with data breaches and in assessing DPIAs. Hekkelman is also the right partner for the assessment and drawing up of (processor) agreements and covenants. Finally, we will be happy to supervise projects aimed at making certain domains privacy-proof. In short, our specialists are at home in all markets.

  • If you reject the applicant, you must destroy their personal data (letter, CV, possibly interview notes) within 4 weeks of the rejection or closure of the application procedure. If you find a suitable candidate, but you do not have a suitable vacancy at that moment, you may, on certain conditions, keep the personal data for a maximum of 12 months. The most important condition for this is that the applicant has given their explicit permission to keep their letter and CV for that period.

You cannot find the answer to your question here? Please feel free to contact us.

Clearly Hekkelman.